/* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
+ * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * POSSIBILITY OF SUCH DAMAGE.
*/
/*
int i = 0;
if (list == NULL)
- return 0;
+ return 0;
for (i = 0; *list != NULL; list++) {
- i++;
+ i++;
}
return i;
int i = 0;
if (list == NULL)
- return 0;
+ return 0;
for (i = 0; *list != END_OF_LIST; list++) {
- i++;
+ i++;
}
return i;
char **list;
{
if (list == NULL)
- return;
- for(; *list != NULL; list++) {
- free(*list);
- *list = NULL;
+ return;
+ for (; *list != NULL; list++) {
+ free(*list);
+ *list = NULL;
}
return;
/*
- * Tokenize the given string based on the delimiter provided
+ * Tokenize the given string based on the delimiter provided
* and return the result as a list
*/
-krb5_error_code
+krb5_error_code
krb5_parse_list(buffer, delimiter, list)
char *buffer;
char *delimiter;
int count = 0;
if ((buffer == NULL) || (list == NULL) || (delimiter == NULL)) {
- return EINVAL;
+ return EINVAL;
}
str = strdup(buffer);
if (str == NULL)
- return ENOMEM;
+ return ENOMEM;
token = strtok_r(str, delimiter, &ptrptr);
- for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES));
- plist++, count++) {
- *plist = strdup(token);
- if (*plist == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- token = strtok_r(NULL, delimiter, &ptrptr);
+ for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES));
+ plist++, count++) {
+ *plist = strdup(token);
+ if (*plist == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ token = strtok_r(NULL, delimiter, &ptrptr);
}
*plist = NULL;
cleanup:
- if(str) {
- free(str);
- str = NULL;
+ if (str) {
+ free(str);
+ str = NULL;
}
if (retval)
- krb5_free_list_entries(list);
+ krb5_free_list_entries(list);
return retval;
}
/*
* Modifies the destination list to contain or not to contain the
- * entries present in the source list, depending on the mode
+ * entries present in the source list, depending on the mode
* (ADD or DELETE).
*/
void list_modify_str_array(destlist, sourcelist, mode)
int found = 0;
if ((destlist == NULL) || (*destlist == NULL) || (sourcelist == NULL))
- return;
+ return;
- /* We need to add every entry present in the source list to
+ /* We need to add every entry present in the source list to
* the destination list */
if (mode == LIST_MODE_ADD) {
- /* Traverse throught the end of destlist for appending */
- for(dlist = *destlist, dcount = 0; *dlist != NULL;
- dlist++, dcount++) {
- ; /* NULL statement */
- }
- /* Count the number of entries in the source list */
- for(slist = sourcelist, scount = 0; *slist != NULL;
- slist++, scount++) {
- ; /* NULL statement */
- }
- /* Reset the slist pointer to the start of source list */
- slist = sourcelist;
-
- /* Now append the source list to the existing destlist */
- if ((dcount + scount) < MAX_LIST_ENTRIES)
- copycount = scount;
- else
- /* Leave the last entry for list terminator(=NULL) */
- copycount = (MAX_LIST_ENTRIES -1) - dcount;
-
- memcpy(dlist, slist, (sizeof(char *) * copycount));
- dlist += copycount;
- *dlist = NULL;
- }
- else if (mode == LIST_MODE_DELETE) {
- /* We need to delete every entry present in the source list
- * from the destination list */
- for(slist = sourcelist; *slist != NULL; slist++) {
- for(dlist = *destlist; *dlist != NULL; dlist++) {
+ /* Traverse throught the end of destlist for appending */
+ for (dlist = *destlist, dcount = 0; *dlist != NULL;
+ dlist++, dcount++) {
+ ; /* NULL statement */
+ }
+ /* Count the number of entries in the source list */
+ for (slist = sourcelist, scount = 0; *slist != NULL;
+ slist++, scount++) {
+ ; /* NULL statement */
+ }
+ /* Reset the slist pointer to the start of source list */
+ slist = sourcelist;
+
+ /* Now append the source list to the existing destlist */
+ if ((dcount + scount) < MAX_LIST_ENTRIES)
+ copycount = scount;
+ else
+ /* Leave the last entry for list terminator(=NULL) */
+ copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+ memcpy(dlist, slist, (sizeof(char *) * copycount));
+ dlist += copycount;
+ *dlist = NULL;
+ } else if (mode == LIST_MODE_DELETE) {
+ /* We need to delete every entry present in the source list
+ * from the destination list */
+ for (slist = sourcelist; *slist != NULL; slist++) {
+ for (dlist = *destlist; *dlist != NULL; dlist++) {
found = 0; /* value not found */
- /* DN is case insensitive string */
- if (strcasecmp(*dlist, *slist) == 0) {
+ /* DN is case insensitive string */
+ if (strcasecmp(*dlist, *slist) == 0) {
found = 1;
- free(*dlist);
- /* Advance the rest of the entries by one */
- for(tmplist = dlist; *tmplist != NULL; tmplist++) {
- *tmplist = *(tmplist+1);
- }
- break;
- }
- }
- }
+ free(*dlist);
+ /* Advance the rest of the entries by one */
+ for (tmplist = dlist; *tmplist != NULL; tmplist++) {
+ *tmplist = *(tmplist+1);
+ }
+ break;
+ }
+ }
+ }
}
return;
/*
* Modifies the destination list to contain or not to contain the
- * entries present in the source list, depending on the mode
+ * entries present in the source list, depending on the mode
* (ADD or DELETE). where the list is array of integers.
*/
int list_modify_int_array(destlist, sourcelist, mode)
int tcount = 0;
if ((destlist == NULL) || (sourcelist == NULL))
- return 0;
+ return 0;
- /* We need to add every entry present in the source list to the
+ /* We need to add every entry present in the source list to the
* destination list */
if (mode == LIST_MODE_ADD) {
- /* Traverse throught the end of destlist for appending */
- for(dlist = destlist, dcount = 0; *dlist != END_OF_LIST;
- dlist++, dcount++)
- ; /* NULL statement */
-
- /* Count the number of entries in the source list */
- for(slist = sourcelist, scount = 0; *slist != END_OF_LIST;
- slist++, scount++)
- ; /* NULL statement */
-
- /* Reset the slist pointer to the start of source list */
- slist = sourcelist;
-
- /* Now append the source list to the existing destlist */
- if ((dcount + scount) < MAX_LIST_ENTRIES)
- copycount = scount;
- else
- /* Leave the last entry for list terminator(=NULL) */
- copycount = (MAX_LIST_ENTRIES -1) - dcount;
-
- memcpy(dlist, slist, (sizeof(int) * copycount));
- dlist += copycount;
- *dlist = END_OF_LIST;
- tcount = dcount + copycount;
- }
- else if (mode == LIST_MODE_DELETE) {
- /* We need to delete every entry present in the source list from
- * the destination list */
- for(slist = sourcelist; *slist != END_OF_LIST; slist++) {
- for(dlist = destlist; *dlist != END_OF_LIST; dlist++) {
- if (*dlist == *slist) {
- /* Advance the rest of the entries by one */
- for(tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) {
- *tmplist = *(tmplist+1);
- }
- break;
- }
- }
- }
- /* count the number of entries */
- for(dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) {
- tcount++;
- }
+ /* Traverse throught the end of destlist for appending */
+ for (dlist = destlist, dcount = 0; *dlist != END_OF_LIST;
+ dlist++, dcount++)
+ ; /* NULL statement */
+
+ /* Count the number of entries in the source list */
+ for (slist = sourcelist, scount = 0; *slist != END_OF_LIST;
+ slist++, scount++)
+ ; /* NULL statement */
+
+ /* Reset the slist pointer to the start of source list */
+ slist = sourcelist;
+
+ /* Now append the source list to the existing destlist */
+ if ((dcount + scount) < MAX_LIST_ENTRIES)
+ copycount = scount;
+ else
+ /* Leave the last entry for list terminator(=NULL) */
+ copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+ memcpy(dlist, slist, (sizeof(int) * copycount));
+ dlist += copycount;
+ *dlist = END_OF_LIST;
+ tcount = dcount + copycount;
+ } else if (mode == LIST_MODE_DELETE) {
+ /* We need to delete every entry present in the source list from
+ * the destination list */
+ for (slist = sourcelist; *slist != END_OF_LIST; slist++) {
+ for (dlist = destlist; *dlist != END_OF_LIST; dlist++) {
+ if (*dlist == *slist) {
+ /* Advance the rest of the entries by one */
+ for (tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) {
+ *tmplist = *(tmplist+1);
+ }
+ break;
+ }
+ }
+ }
+ /* count the number of entries */
+ for (dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) {
+ tcount++;
+ }
}
return tcount;
/* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
+ * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * POSSIBILITY OF SUCH DAMAGE.
*/
/*
/*
- * This function will create a ticket policy object with the
+ * This function will create a ticket policy object with the
* specified attributes.
*/
void
kdb5_ldap_create_policy(argc, argv)
- int argc;
- char *argv[];
+ int argc;
+ char *argv[];
{
char *me = argv[0];
krb5_error_code retval = 0;
/* Allocate memory for policy parameters structure */
policyparams = (krb5_ldap_policy_params*) calloc(1, sizeof(krb5_ldap_policy_params));
if (policyparams == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
/* Get current time */
/* Parse all arguments */
for (i = 1; i < argc; i++) {
- if (!strcmp(argv[i], "-maxtktlife")) {
- if (++i > argc - 1)
- goto err_usage;
-
- date = get_date(argv[i], NULL);
- if (date == (time_t)(-1)) {
- retval = EINVAL;
- com_err (me, retval, "while providing time specification");
- goto err_nomsg;
- }
-
- policyparams->maxtktlife = date - now;
-
- mask |= LDAP_POLICY_MAXTKTLIFE;
- }
- else if (!strcmp(argv[i], "-maxrenewlife")) {
- if (++i > argc - 1)
- goto err_usage;
-
- date = get_date(argv[i], NULL);
- if (date == (time_t)(-1)) {
- retval = EINVAL;
- com_err (me, retval, "while providing time specification");
- goto err_nomsg;
- }
-
- policyparams->maxrenewlife = date - now;
-
- mask |= LDAP_POLICY_MAXRENEWLIFE;
- }
- else if (!strcmp((argv[i] + 1), "allow_postdated")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_renewable")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "requires_preauth")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
- else if (*(argv[i]) == '-')
- policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
- else if (*(argv[i]) == '-')
- policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_svr")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_tix")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "needchange")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
- else if (*(argv[i]) == '-')
- policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "password_changing_service")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
- else if (*(argv[i]) == '-')
- policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
- else
- goto err_usage;
-
- mask |= LDAP_POLICY_TKTFLAGS;
- }
- else { /* Any other argument must be policy DN */
- /* First check if policy DN is already provided --
- if so, there's a usage error */
- if (policyparams->policydn != NULL)
- goto err_usage;
-
- /* If not present already, fill up policy DN */
- policyparams->policydn = strdup(argv[i]);
- if (policyparams->policydn == NULL) {
- retval = ENOMEM;
- com_err(me, retval, "while creating policy object");
- goto err_nomsg;
- }
- }
+ if (!strcmp(argv[i], "-maxtktlife")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ date = get_date(argv[i], NULL);
+ if (date == (time_t)(-1)) {
+ retval = EINVAL;
+ com_err (me, retval, "while providing time specification");
+ goto err_nomsg;
+ }
+
+ policyparams->maxtktlife = date - now;
+
+ mask |= LDAP_POLICY_MAXTKTLIFE;
+ } else if (!strcmp(argv[i], "-maxrenewlife")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ date = get_date(argv[i], NULL);
+ if (date == (time_t)(-1)) {
+ retval = EINVAL;
+ com_err (me, retval, "while providing time specification");
+ goto err_nomsg;
+ }
+
+ policyparams->maxrenewlife = date - now;
+
+ mask |= LDAP_POLICY_MAXRENEWLIFE;
+ } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "needchange")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+ else
+ goto err_usage;
+
+ mask |= LDAP_POLICY_TKTFLAGS;
+ } else { /* Any other argument must be policy DN */
+ /* First check if policy DN is already provided --
+ if so, there's a usage error */
+ if (policyparams->policydn != NULL)
+ goto err_usage;
+
+ /* If not present already, fill up policy DN */
+ policyparams->policydn = strdup(argv[i]);
+ if (policyparams->policydn == NULL) {
+ retval = ENOMEM;
+ com_err(me, retval, "while creating policy object");
+ goto err_nomsg;
+ }
+ }
}
/* policy DN is a mandatory argument. If not provided, print usage */
if (policyparams->policydn == NULL)
- goto err_usage;
+ goto err_usage;
/* Create object with all attributes provided */
if ((retval = krb5_ldap_create_policy(util_context, policyparams, mask)) != 0)
- goto cleanup;
+ goto cleanup;
goto cleanup;
krb5_ldap_free_policy (util_context, policyparams);
if (print_usage)
- db_usage(CREATE_POLICY);
+ db_usage(CREATE_POLICY);
if (retval) {
- if (!no_msg)
- com_err(me, retval, "while creating policy object");
+ if (!no_msg)
+ com_err(me, retval, "while creating policy object");
- exit_status++;
+ exit_status++;
}
return;
/*
- * This function will destroy the specified ticket policy
+ * This function will destroy the specified ticket policy
* object interactively, unless forced through an option.
*/
void
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-force") == 0) {
force++;
+ } else { /* Any other argument must be policy DN */
+ /* First check if policy DN is already provided --
+ if so, there's a usage error */
+ if (policydn != NULL)
+ goto err_usage;
+
+ /* If not present already, fill up policy DN */
+ policydn = strdup(argv[i]);
+ if (policydn == NULL) {
+ retval = ENOMEM;
+ com_err(me, retval, "while destroying policy object");
+ goto err_nomsg;
+ }
}
- else { /* Any other argument must be policy DN */
- /* First check if policy DN is already provided --
- if so, there's a usage error */
- if (policydn != NULL)
- goto err_usage;
-
- /* If not present already, fill up policy DN */
- policydn = strdup(argv[i]);
- if (policydn == NULL) {
- retval = ENOMEM;
- com_err(me, retval, "while destroying policy object");
- goto err_nomsg;
- }
- }
}
if (policydn == NULL)
- goto err_usage;
+ goto err_usage;
if (!force) {
- printf("This will delete the policy object '%s', are you sure?\n", policydn);
- printf("(type 'yes' to confirm)? ");
+ printf("This will delete the policy object '%s', are you sure?\n", policydn);
+ printf("(type 'yes' to confirm)? ");
- if (fgets(buf, sizeof(buf), stdin) == NULL) {
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
retval = EINVAL;
goto cleanup;
}
if ((retval = krb5_ldap_read_policy(util_context, policydn, &policyparams, &mask)))
goto cleanup;
-
-
+
+
if ((retval = krb5_ldap_delete_policy(util_context, policydn, policyparams,&mask)))
goto cleanup;
printf("** policy object '%s' deleted.\n", policydn);
goto cleanup;
-
-
+
+
err_usage:
print_usage = TRUE;
err_nomsg:
no_msg = TRUE;
-
+
cleanup:
/* Clean-up structure */
krb5_ldap_free_policy (util_context, policyparams);
if (policydn) {
free (policydn);
}
-
+
if (print_usage) {
db_usage(DESTROY_POLICY);
}
if (retval) {
- if (!no_msg)
- com_err(me, retval, "while destroying policy object");
+ if (!no_msg)
+ com_err(me, retval, "while destroying policy object");
- exit_status++;
+ exit_status++;
}
return;
*/
void
kdb5_ldap_modify_policy(argc, argv)
- int argc;
- char *argv[];
+ int argc;
+ char *argv[];
{
char *me = argv[0];
krb5_error_code retval = 0;
/* Parse all arguments, only to pick up policy DN (Pass 1) */
for (i = 1; i < argc; i++) {
- /* Skip arguments next to 'maxtktlife'
- and 'maxrenewlife' arguments */
- if (!strcmp(argv[i], "-maxtktlife")) {
- ++i;
- }
- else if (!strcmp(argv[i], "-maxrenewlife")) {
- ++i;
- }
- /* Do nothing for ticket flag arguments */
- else if (!strcmp((argv[i] + 1), "allow_postdated") ||
- !strcmp((argv[i] + 1), "allow_forwardable") ||
- !strcmp((argv[i] + 1), "allow_renewable") ||
- !strcmp((argv[i] + 1), "allow_proxiable") ||
- !strcmp((argv[i] + 1), "allow_dup_skey") ||
- !strcmp((argv[i] + 1), "requires_preauth") ||
- !strcmp((argv[i] + 1), "requires_hwauth") ||
- !strcmp((argv[i] + 1), "allow_svr") ||
- !strcmp((argv[i] + 1), "allow_tgs_req") ||
- !strcmp((argv[i] + 1), "allow_tix") ||
- !strcmp((argv[i] + 1), "needchange") ||
- !strcmp((argv[i] + 1), "password_changing_service")) {
- }
- else { /* Any other argument must be policy DN */
- /* First check if policy DN is already provided --
- if so, there's a usage error */
- if (policydn != NULL)
- goto err_usage;
-
- /* If not present already, fill up policy DN */
- policydn = strdup(argv[i]);
- if (policydn == NULL) {
- retval = ENOMEM;
- com_err(me, retval, "while modifying policy object");
- goto err_nomsg;
- }
+ /* Skip arguments next to 'maxtktlife'
+ and 'maxrenewlife' arguments */
+ if (!strcmp(argv[i], "-maxtktlife")) {
+ ++i;
+ } else if (!strcmp(argv[i], "-maxrenewlife")) {
+ ++i;
+ }
+ /* Do nothing for ticket flag arguments */
+ else if (!strcmp((argv[i] + 1), "allow_postdated") ||
+ !strcmp((argv[i] + 1), "allow_forwardable") ||
+ !strcmp((argv[i] + 1), "allow_renewable") ||
+ !strcmp((argv[i] + 1), "allow_proxiable") ||
+ !strcmp((argv[i] + 1), "allow_dup_skey") ||
+ !strcmp((argv[i] + 1), "requires_preauth") ||
+ !strcmp((argv[i] + 1), "requires_hwauth") ||
+ !strcmp((argv[i] + 1), "allow_svr") ||
+ !strcmp((argv[i] + 1), "allow_tgs_req") ||
+ !strcmp((argv[i] + 1), "allow_tix") ||
+ !strcmp((argv[i] + 1), "needchange") ||
+ !strcmp((argv[i] + 1), "password_changing_service")) {
+ } else { /* Any other argument must be policy DN */
+ /* First check if policy DN is already provided --
+ if so, there's a usage error */
+ if (policydn != NULL)
+ goto err_usage;
+
+ /* If not present already, fill up policy DN */
+ policydn = strdup(argv[i]);
+ if (policydn == NULL) {
+ retval = ENOMEM;
+ com_err(me, retval, "while modifying policy object");
+ goto err_nomsg;
+ }
}
}
if (policydn == NULL)
- goto err_usage;
+ goto err_usage;
retval = krb5_ldap_read_policy(util_context, policydn, &policyparams, &in_mask);
if (retval) {
- com_err(me, retval, "while reading information of policy '%s'", policydn);
- goto err_nomsg;
+ com_err(me, retval, "while reading information of policy '%s'", policydn);
+ goto err_nomsg;
}
/* Get current time */
/* Parse all arguments, but skip policy DN (Pass 2) */
for (i = 1; i < argc; i++) {
- if (!strcmp(argv[i], "-maxtktlife")) {
- if (++i > argc - 1)
- goto err_usage;
-
- date = get_date(argv[i], NULL);
- if (date == (time_t)(-1)) {
- retval = EINVAL;
- com_err (me, retval, "while providing time specification");
- goto err_nomsg;
- }
-
- policyparams->maxtktlife = date - now;
-
- out_mask |= LDAP_POLICY_MAXTKTLIFE;
- }
- else if (!strcmp(argv[i], "-maxrenewlife")) {
- if (++i > argc - 1)
- goto err_usage;
-
- date = get_date(argv[i], NULL);
- if (date == (time_t)(-1)) {
- retval = EINVAL;
- com_err (me, retval, "while providing time specification");
- goto err_nomsg;
- }
-
- policyparams->maxrenewlife = date - now;
-
- out_mask |= LDAP_POLICY_MAXRENEWLIFE;
- }
- else if (!strcmp((argv[i] + 1), "allow_postdated")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_renewable")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "requires_preauth")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
- else if (*(argv[i]) == '-')
- policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
- else if (*(argv[i]) == '-')
- policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_svr")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "allow_tix")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
- else if (*(argv[i]) == '-')
- policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "needchange")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
- else if (*(argv[i]) == '-')
- policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else if (!strcmp((argv[i] + 1), "password_changing_service")) {
- if (*(argv[i]) == '+')
- policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
- else if (*(argv[i]) == '-')
- policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
- else
- goto err_usage;
-
- out_mask |= LDAP_POLICY_TKTFLAGS;
- }
- else {
- /* Any other argument must be policy DN
- -- skip it */
- }
+ if (!strcmp(argv[i], "-maxtktlife")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ date = get_date(argv[i], NULL);
+ if (date == (time_t)(-1)) {
+ retval = EINVAL;
+ com_err (me, retval, "while providing time specification");
+ goto err_nomsg;
+ }
+
+ policyparams->maxtktlife = date - now;
+
+ out_mask |= LDAP_POLICY_MAXTKTLIFE;
+ } else if (!strcmp(argv[i], "-maxrenewlife")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ date = get_date(argv[i], NULL);
+ if (date == (time_t)(-1)) {
+ retval = EINVAL;
+ com_err (me, retval, "while providing time specification");
+ goto err_nomsg;
+ }
+
+ policyparams->maxrenewlife = date - now;
+
+ out_mask |= LDAP_POLICY_MAXRENEWLIFE;
+ } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "needchange")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+ if (*(argv[i]) == '+')
+ policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+ else if (*(argv[i]) == '-')
+ policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+ else
+ goto err_usage;
+
+ out_mask |= LDAP_POLICY_TKTFLAGS;
+ } else {
+ /* Any other argument must be policy DN
+ -- skip it */
+ }
}
/* Modify attributes of object */
if ((retval = krb5_ldap_modify_policy(util_context, policyparams, out_mask)))
- goto cleanup;
+ goto cleanup;
goto cleanup;
krb5_ldap_free_policy (util_context, policyparams);
if (policydn)
- free (policydn);
+ free (policydn);
if (print_usage)
- db_usage(MODIFY_POLICY);
+ db_usage(MODIFY_POLICY);
if (retval) {
- if (!no_msg)
- com_err(me, retval, "while modifying policy object");
+ if (!no_msg)
+ com_err(me, retval, "while modifying policy object");
- exit_status++;
+ exit_status++;
}
return;
}
-/*
+/*
* This function will display information about the given policy object,
* fetching the information from the LDAP Server.
*/
int mask = 0;
if (argc != 2) {
- goto err_usage;
+ goto err_usage;
}
policydn = strdup(argv[1]);
if (policydn == NULL) {
- com_err(me, ENOMEM, "while viewing policy");
- exit_status++;
- goto cleanup;
+ com_err(me, ENOMEM, "while viewing policy");
+ exit_status++;
+ goto cleanup;
}
if ((retval = krb5_ldap_read_policy(util_context, policydn, &policyparams, &mask))) {
- com_err(me, retval, "while viewing policy '%s'", policydn );
- exit_status++;
- goto cleanup;
+ com_err(me, retval, "while viewing policy '%s'", policydn);
+ exit_status++;
+ goto cleanup;
}
print_policy_params (policyparams, mask);
free (policydn);
if (print_usage) {
- db_usage(VIEW_POLICY);
+ db_usage(VIEW_POLICY);
}
return;
}
-/*
- * This function will print the policy object information to the
+/*
+ * This function will print the policy object information to the
* standard output.
*/
static void
/* Print max. ticket life and max. renewable life, if present */
if (mask & LDAP_POLICY_MAXTKTLIFE)
- printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife));
+ printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife));
if (mask & LDAP_POLICY_MAXRENEWLIFE)
- printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife));
+ printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife));
/* Service flags are printed */
printf("%25s: ", "Ticket flags");
if (mask & LDAP_POLICY_TKTFLAGS) {
- int ticketflags = policyparams->tktflags;
-
- if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
- printf("%s ","DISALLOW_POSTDATED");
-
- if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
- printf("%s ","DISALLOW_FORWARDABLE");
-
- if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
- printf("%s ","DISALLOW_RENEWABLE");
-
- if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
- printf("%s ","DISALLOW_PROXIABLE");
-
- if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
- printf("%s ","DISALLOW_DUP_SKEY");
-
- if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
- printf("%s ","REQUIRES_PRE_AUTH");
-
- if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
- printf("%s ","REQUIRES_HW_AUTH");
-
- if (ticketflags & KRB5_KDB_DISALLOW_SVR)
- printf("%s ","DISALLOW_SVR");
-
- if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
- printf("%s ","DISALLOW_TGT_BASED");
-
- if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
- printf("%s ","DISALLOW_ALL_TIX");
-
- if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
- printf("%s ","REQUIRES_PWCHANGE");
-
- if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
- printf("%s ","PWCHANGE_SERVICE");
+ int ticketflags = policyparams->tktflags;
+
+ if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+ printf("%s ","DISALLOW_POSTDATED");
+
+ if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+ printf("%s ","DISALLOW_FORWARDABLE");
+
+ if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+ printf("%s ","DISALLOW_RENEWABLE");
+
+ if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+ printf("%s ","DISALLOW_PROXIABLE");
+
+ if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+ printf("%s ","DISALLOW_DUP_SKEY");
+
+ if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+ printf("%s ","REQUIRES_PRE_AUTH");
+
+ if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+ printf("%s ","REQUIRES_HW_AUTH");
+
+ if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+ printf("%s ","DISALLOW_SVR");
+
+ if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+ printf("%s ","DISALLOW_TGT_BASED");
+
+ if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+ printf("%s ","DISALLOW_ALL_TIX");
+
+ if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+ printf("%s ","REQUIRES_PWCHANGE");
+
+ if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+ printf("%s ","PWCHANGE_SERVICE");
}
printf("\n");
-
+
return;
}
-/*
- * This function will list the DNs of policy objects under a specific
+/*
+ * This function will list the DNs of policy objects under a specific
* sub-tree (entire tree by default)
*/
void kdb5_ldap_list_policies(argc, argv)
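Review bot: The twelve back-to-back `if (ticketflags & …) printf(…)` statements in the ticket-flags section hand-maintain both the flag list and its print order; a small file-scope table of `{flag, name}` pairs walked in one loop keeps the two in a single place and makes adding a flag a one-line change, with byte-identical output. It also documents, in one spot, the mapping that the `allow_*`/`requires_*` option parser earlier in this diff implements in the inverse direction. The function's signature and its declarations are above this hunk.
```c
/* Ticket-flag bits and the names print_policy_params() shows for them,
 * in the order they were previously printed. */
static const struct { int flag; const char *name; } tktflag_names[] = {
    { KRB5_KDB_DISALLOW_POSTDATED,   "DISALLOW_POSTDATED" },
    { KRB5_KDB_DISALLOW_FORWARDABLE, "DISALLOW_FORWARDABLE" },
    /* … remaining entries in the same order as the original if-chain … */
    { KRB5_KDB_PWCHANGE_SERVICE,     "PWCHANGE_SERVICE" },
};

    /* … unchanged: maximum ticket / renewable life printing … */
    printf("%25s: ", "Ticket flags");
    if (mask & LDAP_POLICY_TKTFLAGS) {
        size_t k;
        for (k = 0; k < sizeof(tktflag_names) / sizeof(tktflag_names[0]); k++) {
            if (policyparams->tktflags & tktflag_names[k].flag)
                printf("%s ", tktflag_names[k].name);
        }
    }
    printf("\n");
```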
/* Parse base DN argument if present */
if (argc == 3) {
- if (strcmp(argv[1], "-basedn"))
- goto err_usage;
-
- basedn = strdup(argv[2]);
- if (basedn == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
+ if (strcmp(argv[1], "-basedn"))
+ goto err_usage;
+
+ basedn = strdup(argv[2]);
+ if (basedn == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
}
retval = krb5_ldap_list_policy(util_context, basedn, &list);
if ((retval != 0) || (list == NULL))
- goto cleanup;
+ goto cleanup;
for (plist = list; *plist != NULL; plist++) {
- printf("%s\n", *plist);
+ printf("%s\n", *plist);
}
goto cleanup;
cleanup:
if (list != NULL) {
- krb5_free_list_entries (list);
- free (list);
+ krb5_free_list_entries (list);
+ free (list);
}
if (basedn)
free (basedn);
if (print_usage) {
- db_usage(LIST_POLICY);
+ db_usage(LIST_POLICY);
}
if (retval) {
- com_err(me, retval, "while listing policy objects");
- exit_status++;
+ com_err(me, retval, "while listing policy objects");
+ exit_status++;
}
return;
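Review bot: Only `argc == 3` is parsed at the top of this hunk; any other argument count — `list_policies foo`, a lone `-basedn`, or `-basedn X extra` — falls through silently and lists the entire tree with `basedn == NULL`, which is the opposite of what a caller who mistyped the sub-tree option intended. Add `} else if (argc != 1) {` / `goto err_usage;` after the `-basedn` branch so stray arguments are rejected the same way a bad flag already is. The `err_usage` label targeted by the existing `goto` is not visible in this hunk, and the function's declarations precede it.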
hours, minutes, seconds);
return out;
}
-
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
/* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
+ * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * POSSIBILITY OF SUCH DAMAGE.
*/
/*
};
krb5_data tgt_princ_entries[] = {
- {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
- {0, 0, 0} };
+ {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
+ {0, 0, 0} };
krb5_data db_creator_entries[] = {
- {0, sizeof("db_creation")-1, "db_creation"} };
+ {0, sizeof("db_creation")-1, "db_creation"} };
static krb5_principal_data db_create_princ = {
- 0, /* magic number */
- {0, 0, 0}, /* krb5_data realm */
- db_creator_entries, /* krb5_data *data */
- 1, /* int length */
- KRB5_NT_SRV_INST /* int type */
+ 0, /* magic number */
+ {0, 0, 0}, /* krb5_data realm */
+ db_creator_entries, /* krb5_data *data */
+ 1, /* int length */
+ KRB5_NT_SRV_INST /* int type */
};
extern char *mkey_password;
static void print_realm_params(krb5_ldap_realm_params *rparams, int mask);
static int kdb_ldap_create_principal (krb5_context context, krb5_principal
- princ, enum ap_op op, struct realm_info *pblock);
+ princ, enum ap_op op, struct realm_info *pblock);
static char *strdur(time_t duration);
static int get_ticket_policy(rparams,i,argv,argc)
- krb5_ldap_realm_params *rparams;
- int *i;
- char *argv[];
- int argc;
+ krb5_ldap_realm_params *rparams;
+ int *i;
+ char *argv[];
+ int argc;
{
- time_t date;
- time_t now;
- time(&now);
- int mask = 0;
- krb5_error_code retval = 0;
- krb5_boolean no_msg = FALSE;
-
- krb5_boolean print_usage = FALSE;
- char *me = argv[0];
- if (!strcmp(argv[*i], "-maxtktlife")) {
- if (++(*i) > argc-1)
- goto err_usage;
- date = get_date(argv[*i], NULL);
- if (date == (time_t)(-1)) {
- retval = EINVAL;
- com_err (me, retval, "while providing time specification");
- goto err_nomsg;
- }
- rparams->max_life = date-now;
- mask |= LDAP_REALM_MAXTICKETLIFE;
- }
-
-
- else if (!strcmp(argv[*i], "-maxrenewlife")) {
- if (++(*i) > argc-1)
- goto err_usage;
-
- date = get_date(argv[*i], NULL);
- if (date == (time_t)(-1)) {
- retval = EINVAL;
- com_err (me, retval, "while providing time specification");
- goto err_nomsg;
- }
- rparams->max_renewable_life = date-now;
- mask |= LDAP_REALM_MAXRENEWLIFE;
- }
- else if (!strcmp((argv[*i] + 1), "allow_postdated")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
- else if (*(argv[*i]) == '-')
- rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
- else
- goto err_usage;
-
- mask |= LDAP_REALM_KRBTICKETFLAGS;
- }
- else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
-
- else if (*(argv[*i]) == '-')
- rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
- else
- goto err_usage;
-
- mask |= LDAP_REALM_KRBTICKETFLAGS;
- }
- else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
- else if (*(argv[*i]) == '-')
- rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
- else
- goto err_usage;
-
- mask |= LDAP_REALM_KRBTICKETFLAGS;
- }
- else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
- else if (*(argv[*i]) == '-')
- rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
- else
- goto err_usage;
-
- mask |= LDAP_REALM_KRBTICKETFLAGS;
- }
- else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
- else if (*(argv[*i]) == '-')
- rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
- else
- goto err_usage;
-
- mask |= LDAP_REALM_KRBTICKETFLAGS;
- }
-
- else if (!strcmp((argv[*i] + 1), "requires_preauth")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
- else if (*(argv[*i]) == '-')
- rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
- else
- goto err_usage;
-
- mask |= LDAP_REALM_KRBTICKETFLAGS;
- }
- else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
- else if (*(argv[*i]) == '-')
- rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
- else
- goto err_usage;
-
- mask |= LDAP_REALM_KRBTICKETFLAGS;
- }
- else if (!strcmp((argv[*i] + 1), "allow_svr")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
- else if (*(argv[*i]) == '-')
- rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
- else
- goto err_usage;
+ time_t date;
+ time_t now;
+ time(&now);
+ int mask = 0;
+ krb5_error_code retval = 0;
+ krb5_boolean no_msg = FALSE;
- mask |= LDAP_REALM_KRBTICKETFLAGS;
+ krb5_boolean print_usage = FALSE;
+ char *me = argv[0];
+ if (!strcmp(argv[*i], "-maxtktlife")) {
+ if (++(*i) > argc-1)
+ goto err_usage;
+ date = get_date(argv[*i], NULL);
+ if (date == (time_t)(-1)) {
+ retval = EINVAL;
+ com_err (me, retval, "while providing time specification");
+ goto err_nomsg;
}
- else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
- else if (*(argv[*i]) == '-')
- rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
- else
- goto err_usage;
+ rparams->max_life = date-now;
+ mask |= LDAP_REALM_MAXTICKETLIFE;
+ }
- mask |= LDAP_REALM_KRBTICKETFLAGS;
- }
- else if (!strcmp((argv[*i] + 1), "allow_tix")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
- else if (*(argv[*i]) == '-')
- rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
- else
- goto err_usage;
- mask |= LDAP_REALM_KRBTICKETFLAGS;
- }
- else if (!strcmp((argv[*i] + 1), "needchange")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
- else if (*(argv[*i]) == '-')
- rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
- else
- goto err_usage;
+ else if (!strcmp(argv[*i], "-maxrenewlife")) {
+ if (++(*i) > argc-1)
+ goto err_usage;
- mask |= LDAP_REALM_KRBTICKETFLAGS;
+ date = get_date(argv[*i], NULL);
+ if (date == (time_t)(-1)) {
+ retval = EINVAL;
+ com_err (me, retval, "while providing time specification");
+ goto err_nomsg;
}
- else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
- if (*(argv[*i]) == '+')
- rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
- else if (*(argv[*i]) == '-')
- rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
- else
- goto err_usage;
+ rparams->max_renewable_life = date-now;
+ mask |= LDAP_REALM_MAXRENEWLIFE;
+ } else if (!strcmp((argv[*i] + 1), "allow_postdated")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ }
- mask |=LDAP_REALM_KRBTICKETFLAGS;
- }
+ else if (!strcmp((argv[*i] + 1), "requires_preauth")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "allow_svr")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "allow_tix")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "needchange")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+ else
+ goto err_usage;
+
+ mask |= LDAP_REALM_KRBTICKETFLAGS;
+ } else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
+ if (*(argv[*i]) == '+')
+ rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+ else if (*(argv[*i]) == '-')
+ rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+ else
+ goto err_usage;
+
+ mask |=LDAP_REALM_KRBTICKETFLAGS;
+ }
err_usage:
- print_usage = TRUE;
+ print_usage = TRUE;
err_nomsg:
- no_msg = TRUE;
+ no_msg = TRUE;
- return mask;
+ return mask;
}
/*
- * This function will create a realm on the LDAP Server, with
+ * This function will create a realm on the LDAP Server, with
* the specified attributes.
*/
void kdb5_ldap_create(argc, argv)
- int argc;
- char *argv[];
+ int argc;
+ char *argv[];
{
krb5_error_code retval = 0;
krb5_keyblock master_keyblock;
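Review bot: In `get_ticket_policy` the `strcmp((argv[*i] + 1), ...)` comparisons run before anything checks that `argv[*i]` has a first character, so an empty-string argument (`""`) makes `strcmp` read one byte past the terminator — an out-of-bounds read; a guard at the top of the function, `if (argv[*i][0] != '+' && argv[*i][0] != '-')` / `return 0;`, fixes it, since no option matches without one of those prefixes. The error plumbing at the bottom is also dead: `err_usage:` and `err_nomsg:` sit on the fall-through path so every call passes through them, and `retval`, `print_usage` and `no_msg` are assigned but never returned or read. The practical effect is that a missing or unparsable `-maxtktlife`/`-maxrenewlife` value returns `mask == 0` with `*i` already advanced past the option, which the caller cannot tell apart from "not a policy option". Either drop those three locals and the labels, or restore the index (`(*i)--;`) before each `goto err_usage` so the caller at least reports the right argument. The policy-object parser earlier in this diff has the same unguarded `argv[i] + 1` comparisons.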
memset(&master_keyblock, 0, sizeof(master_keyblock));
rparams = (krb5_ldap_realm_params *)malloc(
- sizeof(krb5_ldap_realm_params));
+ sizeof(krb5_ldap_realm_params));
if (rparams == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
memset(rparams, 0, sizeof(krb5_ldap_realm_params));
/* Parse the arguments */
for (i = 1; i < argc; i++) {
- if (!strcmp(argv[i], "-subtree")) {
- if (++i > argc-1)
- goto err_usage;
- rparams->subtree = strdup(argv[i]);
- if (rparams->subtree == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- mask |= LDAP_REALM_SUBTREE;
- }
- else if (!strcmp(argv[i], "-sscope")) {
- if (++i > argc-1)
- goto err_usage;
- /* Possible values for search scope are
- * one (or 1) and sub (or 2)
- */
- if (!strcasecmp(argv[i], "one")) {
- rparams->search_scope = 1;
- }
- else if (!strcasecmp(argv[i], "sub")) {
- rparams->search_scope = 2;
- }
- else {
- rparams->search_scope = atoi(argv[i]);
- if ((rparams->search_scope != 1) &&
- (rparams->search_scope != 2)) {
- com_err(argv[0], EINVAL,
- "invalid search scope while creating realm '%s'",
- global_params.realm);
- goto err_nomsg;
- }
- }
- mask |= LDAP_REALM_SEARCHSCOPE;
- }
+ if (!strcmp(argv[i], "-subtree")) {
+ if (++i > argc-1)
+ goto err_usage;
+ rparams->subtree = strdup(argv[i]);
+ if (rparams->subtree == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ mask |= LDAP_REALM_SUBTREE;
+ } else if (!strcmp(argv[i], "-sscope")) {
+ if (++i > argc-1)
+ goto err_usage;
+ /* Possible values for search scope are
+ * one (or 1) and sub (or 2)
+ */
+ if (!strcasecmp(argv[i], "one")) {
+ rparams->search_scope = 1;
+ } else if (!strcasecmp(argv[i], "sub")) {
+ rparams->search_scope = 2;
+ } else {
+ rparams->search_scope = atoi(argv[i]);
+ if ((rparams->search_scope != 1) &&
+ (rparams->search_scope != 2)) {
+ com_err(argv[0], EINVAL,
+ "invalid search scope while creating realm '%s'",
+ global_params.realm);
+ goto err_nomsg;
+ }
+ }
+ mask |= LDAP_REALM_SEARCHSCOPE;
+ }
#ifdef HAVE_EDIRECTORY
- else if (!strcmp(argv[i], "-kdcdn")) {
- if (++i > argc-1)
- goto err_usage;
- rparams->kdcservers = (char **)malloc(
- sizeof(char *) * MAX_LIST_ENTRIES);
- if (rparams->kdcservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- rparams->kdcservers))) {
- goto cleanup;
- }
- mask |= LDAP_REALM_KDCSERVERS;
- }
- else if (!strcmp(argv[i], "-admindn")) {
- if (++i > argc-1)
- goto err_usage;
- rparams->adminservers = (char **)malloc(
- sizeof(char *) * MAX_LIST_ENTRIES);
- if (rparams->adminservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- rparams->adminservers))) {
- goto cleanup;
- }
- mask |= LDAP_REALM_ADMINSERVERS;
- }
- else if (!strcmp(argv[i], "-pwddn")) {
- if (++i > argc-1)
- goto err_usage;
- rparams->passwdservers = (char **)malloc(
- sizeof(char *) * MAX_LIST_ENTRIES);
- if (rparams->passwdservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- rparams->passwdservers))) {
- goto cleanup;
- }
- mask |= LDAP_REALM_PASSWDSERVERS;
- }
+ else if (!strcmp(argv[i], "-kdcdn")) {
+ if (++i > argc-1)
+ goto err_usage;
+ rparams->kdcservers = (char **)malloc(
+ sizeof(char *) * MAX_LIST_ENTRIES);
+ if (rparams->kdcservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ rparams->kdcservers))) {
+ goto cleanup;
+ }
+ mask |= LDAP_REALM_KDCSERVERS;
+ } else if (!strcmp(argv[i], "-admindn")) {
+ if (++i > argc-1)
+ goto err_usage;
+ rparams->adminservers = (char **)malloc(
+ sizeof(char *) * MAX_LIST_ENTRIES);
+ if (rparams->adminservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ rparams->adminservers))) {
+ goto cleanup;
+ }
+ mask |= LDAP_REALM_ADMINSERVERS;
+ } else if (!strcmp(argv[i], "-pwddn")) {
+ if (++i > argc-1)
+ goto err_usage;
+ rparams->passwdservers = (char **)malloc(
+ sizeof(char *) * MAX_LIST_ENTRIES);
+ if (rparams->passwdservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ rparams->passwdservers))) {
+ goto cleanup;
+ }
+ mask |= LDAP_REALM_PASSWDSERVERS;
+ }
#endif
- else if (!strcmp(argv[i], "-s")) {
- do_stash = 1;
- }
- else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0)
- {
- mask|=ret_mask;
- }
-
- else {
- printf("'%s' is an invalid option\n", argv[i]);
- goto err_usage;
- }
+ else if (!strcmp(argv[i], "-s")) {
+ do_stash = 1;
+ } else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+ mask|=ret_mask;
+ }
+
+ else {
+ printf("'%s' is an invalid option\n", argv[i]);
+ goto err_usage;
+ }
}
- /* If the default enctype/salttype is not provided, use the
+ /* If the default enctype/salttype is not provided, use the
* default values and also add to the list of supported
* enctypes/salttype
*/
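Review bot: When `get_ticket_policy` bails out on a missing option argument it has already advanced `i` (its `++(*i) > argc-1` check is visible above), so the fallback `else` at the end of the option loop prints `argv[i]` with `i == argc` — the argv terminator if this argv came from `main`, otherwise out of bounds. The same zero `ret_mask` is returned for a bad `-maxtktlife`/`-maxrenewlife` value after `com_err` has already reported it, so the user then gets a second, misleading "'<time value>' is an invalid option" line. A cheap guard is to treat an exhausted argv as a usage error before printing: `} else if (i >= argc) {` / `goto err_usage;` / `} else {`. Separately, repeating `-subtree`, `-kdcdn`, `-admindn` or `-pwddn` overwrites the earlier `strdup`/`malloc` result without freeing it. The `err_usage` and `cleanup` labels and the rest of `kdb5_ldap_create` lie outside this hunk.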
pw_str, &pw_size);
if (retval) {
com_err(argv[0], retval, "while reading master key from keyboard");
- goto err_nomsg;
+ goto err_nomsg;
}
mkey_password = pw_str;
}
rparams->mkey.length = strlen(mkey_password) + 1;
rparams->mkey.contents = (krb5_octet *)strdup(mkey_password);
if (rparams->mkey.contents == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
rparams->realm_name = strdup(global_params.realm);
if (rparams->realm_name == NULL) {
- retval = ENOMEM;
- com_err(argv[0], ENOMEM, "while creating realm '%s'",
- global_params.realm);
- goto err_nomsg;
+ retval = ENOMEM;
+ com_err(argv[0], ENOMEM, "while creating realm '%s'",
+ global_params.realm);
+ goto err_nomsg;
}
dal_handle = (kdb5_dal_handle *) util_context->db_context;
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
if (!ldap_context) {
- retval = EINVAL;
- goto cleanup;
+ retval = EINVAL;
+ goto cleanup;
}
/* read the kerberos container */
- if ((retval=krb5_ldap_read_krbcontainer_params (util_context,
- &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
- /* Prompt the user for entering the DN of Kerberos container */
- char krb_location[MAX_KRB_CONTAINER_LEN];
- krb5_ldap_krbcontainer_params kparams;
- int krb_location_len = 0;
- memset(&kparams, 0, sizeof(kparams));
+ if ((retval=krb5_ldap_read_krbcontainer_params (util_context,
+ &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
+ /* Prompt the user for entering the DN of Kerberos container */
+ char krb_location[MAX_KRB_CONTAINER_LEN];
+ krb5_ldap_krbcontainer_params kparams;
+ int krb_location_len = 0;
+ memset(&kparams, 0, sizeof(kparams));
/* Read the kerberos container location from configuration file */
- if (ldap_context->conf_section) {
- if ((retval=profile_get_string(util_context->profile,
- KDB_MODULE_SECTION, ldap_context->conf_section,
- "ldap_kerberos_container_dn", NULL,
- &kparams.DN)) != 0) {
- goto cleanup;
- }
- }
- if (kparams.DN == NULL) {
- if ((retval=profile_get_string(util_context->profile,
- KDB_MODULE_DEF_SECTION,
- "ldap_kerberos_container_dn", NULL,
- NULL, &kparams.DN)) != 0) {
- goto cleanup;
- }
- }
-
- printf("\nKerberos container is missing. Creating now...\n");
- if (kparams.DN == NULL) {
+ if (ldap_context->conf_section) {
+ if ((retval=profile_get_string(util_context->profile,
+ KDB_MODULE_SECTION, ldap_context->conf_section,
+ "ldap_kerberos_container_dn", NULL,
+ &kparams.DN)) != 0) {
+ goto cleanup;
+ }
+ }
+ if (kparams.DN == NULL) {
+ if ((retval=profile_get_string(util_context->profile,
+ KDB_MODULE_DEF_SECTION,
+ "ldap_kerberos_container_dn", NULL,
+ NULL, &kparams.DN)) != 0) {
+ goto cleanup;
+ }
+ }
+
+ printf("\nKerberos container is missing. Creating now...\n");
+ if (kparams.DN == NULL) {
#ifdef HAVE_EDIRECTORY
- printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
+ printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
#else
- printf("Enter DN of Kerberos container: ");
+ printf("Enter DN of Kerberos container: ");
#endif
- if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
- /* Remove the newline character at the end */
- krb_location_len = strlen(krb_location);
- if ((krb_location[krb_location_len - 1] == '\n') ||
- (krb_location[krb_location_len - 1] == '\r')) {
- krb_location[krb_location_len - 1] = '\0';
- krb_location_len--;
- }
- /* If the user has not given any input, take the default location */
- else if (krb_location[0] == '\0')
- kparams.DN = NULL;
- else
- kparams.DN = krb_location;
- }
- else
- kparams.DN = NULL;
+ if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
+ /* Remove the newline character at the end */
+ krb_location_len = strlen(krb_location);
+ if ((krb_location[krb_location_len - 1] == '\n') ||
+ (krb_location[krb_location_len - 1] == '\r')) {
+ krb_location[krb_location_len - 1] = '\0';
+ krb_location_len--;
+ }
+ /* If the user has not given any input, take the default location */
+ else if (krb_location[0] == '\0')
+ kparams.DN = NULL;
+ else
+ kparams.DN = krb_location;
+ } else
+ kparams.DN = NULL;
}
- /* create the kerberos container */
- retval = krb5_ldap_create_krbcontainer(util_context,
- ((kparams.DN != NULL) ? &kparams : NULL));
- if (retval)
- goto cleanup;
-
- retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer));
- if (retval) {
- com_err(argv[0], retval, "while reading kerberos container information");
- goto cleanup;
- }
- }
- else if (retval) {
- com_err(argv[0], retval, "while reading kerberos container information");
- goto cleanup;
+ /* create the kerberos container */
+ retval = krb5_ldap_create_krbcontainer(util_context,
+ ((kparams.DN != NULL) ? &kparams : NULL));
+ if (retval)
+ goto cleanup;
+
+ retval = krb5_ldap_read_krbcontainer_params(util_context,
+ &(ldap_context->krbcontainer));
+ if (retval) {
+ com_err(argv[0], retval, "while reading kerberos container information");
+ goto cleanup;
+ }
+ } else if (retval) {
+ com_err(argv[0], retval, "while reading kerberos container information");
+ goto cleanup;
}
if ((retval = krb5_ldap_create_realm(util_context,
- /* global_params.realm, */ rparams, mask))) {
- goto cleanup;
+ /* global_params.realm, */ rparams, mask))) {
+ goto cleanup;
}
/* We just created the Realm container. Here starts our transaction tracking */
realm_obj_created = TRUE;
- if ((retval = krb5_ldap_read_realm_params(util_context,
- global_params.realm,
- &(ldap_context->lrparams),
+ if ((retval = krb5_ldap_read_realm_params(util_context,
+ global_params.realm,
+ &(ldap_context->lrparams),
&mask))) {
- com_err(argv[0], retval, "while reading information of realm '%s'",
+ com_err(argv[0], retval, "while reading information of realm '%s'",
global_params.realm);
- goto err_nomsg;
+ goto err_nomsg;
}
ldap_context->lrparams->realm_name = strdup(global_params.realm);
if (ldap_context->lrparams->realm_name == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
/* assemble & parse the master key name */
if ((retval = krb5_db_setup_mkey_name(util_context,
- global_params.mkey_name,
- global_params.realm,
- 0, &master_princ))) {
- com_err(argv[0], retval, "while setting up master key name");
- goto err_nomsg;
+ global_params.mkey_name,
+ global_params.realm,
+ 0, &master_princ))) {
+ com_err(argv[0], retval, "while setting up master key name");
+ goto err_nomsg;
}
/* Obtain master key from master password */
goto err_nomsg;
}
- retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
- &pwd, &master_salt, &master_keyblock);
+ retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
+ &pwd, &master_salt, &master_keyblock);
if (master_salt.data)
free(master_salt.data);
ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc
(master_keyblock.length);
if (ldap_context->lrparams->mkey.contents == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents,
- master_keyblock.length);
+ master_keyblock.length);
/* Create special principals inside the realm subtree */
{
- char princ_name[MAX_PRINC_SIZE];
+ char princ_name[MAX_PRINC_SIZE];
struct hostent *hp = NULL;
krb5_principal_data tgt_princ = {
0, /* magic number */
krb5_free_principal(util_context, p);
/* Create 'kadmin/changepw' ... */
- snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
+ snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
com_err(argv[0], retval, "while adding entries to the database");
goto err_nomsg;
krb5_free_principal(util_context, p);
/* Create 'kadmin/history' ... */
- snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
+ snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
com_err(argv[0], retval, "while adding entries to the database");
goto err_nomsg;
/* Create 'kadmin/<hostname>' ... */
if ((retval=krb5_sname_to_principal(util_context, NULL, "kadmin", KRB5_NT_SRV_HST, &p))) {
- com_err(argv[0], retval, "krb5_sname_to_principal, while adding entries to the database");
- goto err_nomsg;
+ com_err(argv[0], retval, "krb5_sname_to_principal, while adding entries to the database");
+ goto err_nomsg;
}
- if((retval=krb5_copy_principal(util_context, p, &temp_p))) {
- com_err(argv[0], retval, "krb5_copy_principal, while adding entries to the database");
- goto err_nomsg;
+ if ((retval=krb5_copy_principal(util_context, p, &temp_p))) {
+ com_err(argv[0], retval, "krb5_copy_principal, while adding entries to the database");
+ goto err_nomsg;
}
-
+
/* change the realm portion to the default realm */
- free( temp_p->realm.data );
- temp_p->realm.length = strlen( util_context->default_realm );
- temp_p->realm.data = strdup( util_context->default_realm );
- if( temp_p->realm.data == NULL ) {
- com_err(argv[0], ENOMEM, "while adding entries to the database");
- goto err_nomsg;
+ free(temp_p->realm.data);
+ temp_p->realm.length = strlen(util_context->default_realm);
+ temp_p->realm.data = strdup(util_context->default_realm);
+ if (temp_p->realm.data == NULL) {
+ com_err(argv[0], ENOMEM, "while adding entries to the database");
+ goto err_nomsg;
}
rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
}
#ifdef HAVE_EDIRECTORY
- if( (mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
- (mask & LDAP_REALM_PASSWDSERVERS) ) {
-
+ if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
+ (mask & LDAP_REALM_PASSWDSERVERS)) {
+
printf("Changing rights for the service object. Please wait ... ");
fflush(stdout);
rightsmask =0;
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
- if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) {
- for ( i=0; (rparams->kdcservers[i] != NULL); i++) {
- if((retval=krb5_ldap_add_service_rights( util_context,
- LDAP_KDC_SERVICE, rparams->kdcservers[i],
- rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+ if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+ for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+ if ((retval=krb5_ldap_add_service_rights(util_context,
+ LDAP_KDC_SERVICE, rparams->kdcservers[i],
+ rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
goto err_nomsg;
}
}
}
-
+
rightsmask = 0;
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
- if ( (rparams != NULL) && (rparams->adminservers != NULL) ) {
- for ( i=0; (rparams->adminservers[i] != NULL); i++) {
- if((retval=krb5_ldap_add_service_rights( util_context,
- LDAP_ADMIN_SERVICE, rparams->adminservers[i],
- rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+ if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+ for (i=0; (rparams->adminservers[i] != NULL); i++) {
+ if ((retval=krb5_ldap_add_service_rights(util_context,
+ LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+ rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
goto err_nomsg;
}
}
}
-
+
rightsmask = 0;
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
- if( (rparams != NULL) && (rparams->passwdservers != NULL) ) {
- for ( i=0; (rparams->passwdservers[i] != NULL); i++) {
- if((retval=krb5_ldap_add_service_rights( util_context,
- LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
- rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+ if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+ for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+ if ((retval=krb5_ldap_add_service_rights(util_context,
+ LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+ rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
goto err_nomsg;
}
}
/* Stash the master key only if '-s' option is specified */
if (do_stash || global_params.mask & KADM5_CONFIG_STASH_FILE) {
- retval = krb5_def_store_mkey(util_context,
- global_params.stash_file,
- master_princ,
- &master_keyblock, NULL);
- if (retval) {
+ retval = krb5_def_store_mkey(util_context,
+ global_params.stash_file,
+ master_princ,
+ &master_keyblock, NULL);
+ if (retval) {
com_err(argv[0], errno, "while storing key");
printf("Warning: couldn't stash master key.\n");
- }
+ }
}
goto cleanup;
cleanup:
/* If the Realm creation is not complete, do the roll-back here */
if ((realm_obj_created) && (!create_complete))
- krb5_ldap_delete_realm(util_context, global_params.realm);
+ krb5_ldap_delete_realm(util_context, global_params.realm);
if (rparams)
- krb5_ldap_free_realm_params(rparams);
+ krb5_ldap_free_realm_params(rparams);
memset (pw_str, 0, sizeof (pw_str));
ldap_context->lrparams->subtree = oldsubtree;
if (print_usage)
- db_usage(CREATE_REALM);
+ db_usage(CREATE_REALM);
if (retval) {
- if (!no_msg) {
- com_err(argv[0], retval, "while creating realm '%s'",
- global_params.realm);
- }
- exit_status++;
+ if (!no_msg) {
+ com_err(argv[0], retval, "while creating realm '%s'",
+ global_params.realm);
+ }
+ exit_status++;
}
return;
dal_handle = (kdb5_dal_handle *) util_context->db_context;
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
if (!(ldap_context)) {
- retval = EINVAL;
- goto cleanup;
+ retval = EINVAL;
+ goto cleanup;
}
- if((retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer)))) {
- com_err(argv[0], retval, "while reading Kerberos container information");
- goto err_nomsg;
+ if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+ &(ldap_context->krbcontainer)))) {
+ com_err(argv[0], retval, "while reading Kerberos container information");
+ goto err_nomsg;
}
- retval = krb5_ldap_read_realm_params(util_context,
- global_params.realm, &rparams, &rmask);
+ retval = krb5_ldap_read_realm_params(util_context,
+ global_params.realm, &rparams, &rmask);
if (retval)
- goto cleanup;
+ goto cleanup;
/* Parse the arguments */
for (i = 1; i < argc; i++) {
- if (!strcmp(argv[i], "-subtree")) {
- if (++i > argc-1)
- goto err_usage;
+ if (!strcmp(argv[i], "-subtree")) {
+ if (++i > argc-1)
+ goto err_usage;
if (rmask & LDAP_REALM_SUBTREE) {
- if( rparams->subtree ) {
+ if (rparams->subtree) {
#ifdef HAVE_EDIRECTORY
oldsubtree = strdup(rparams->subtree);
- if( oldsubtree == NULL ) {
+ if (oldsubtree == NULL) {
retval = ENOMEM;
goto cleanup;
}
free(rparams->subtree);
}
}
- rparams->subtree = strdup(argv[i]);
- if (rparams->subtree == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- mask |= LDAP_REALM_SUBTREE;
- }
- else if (!strcmp(argv[i], "-sscope")) {
- if (++i > argc-1)
- goto err_usage;
- /* Possible values for search scope are
- * one (or 1) and sub (or 2)
- */
- if (strcasecmp(argv[i], "one") == 0) {
- rparams->search_scope = 1;
- }
- else if (strcasecmp(argv[i], "sub") == 0) {
- rparams->search_scope = 2;
- }
- else {
- rparams->search_scope = atoi(argv[i]);
- if ((rparams->search_scope != 1) &&
- (rparams->search_scope != 2)) {
- retval = EINVAL;
- com_err(argv[0], retval,
- "specified for search scope while modifying information of realm '%s'",
- global_params.realm);
- goto err_nomsg;
- }
- }
- mask |= LDAP_REALM_SEARCHSCOPE;
- }
+ rparams->subtree = strdup(argv[i]);
+ if (rparams->subtree == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ mask |= LDAP_REALM_SUBTREE;
+ } else if (!strcmp(argv[i], "-sscope")) {
+ if (++i > argc-1)
+ goto err_usage;
+ /* Possible values for search scope are
+ * one (or 1) and sub (or 2)
+ */
+ if (strcasecmp(argv[i], "one") == 0) {
+ rparams->search_scope = 1;
+ } else if (strcasecmp(argv[i], "sub") == 0) {
+ rparams->search_scope = 2;
+ } else {
+ rparams->search_scope = atoi(argv[i]);
+ if ((rparams->search_scope != 1) &&
+ (rparams->search_scope != 2)) {
+ retval = EINVAL;
+ com_err(argv[0], retval,
+ "specified for search scope while modifying information of realm '%s'",
+ global_params.realm);
+ goto err_nomsg;
+ }
+ }
+ mask |= LDAP_REALM_SEARCHSCOPE;
+ }
#ifdef HAVE_EDIRECTORY
- else if (!strcmp(argv[i], "-kdcdn")) {
- if (++i > argc-1)
- goto err_usage;
+ else if (!strcmp(argv[i], "-kdcdn")) {
+ if (++i > argc-1)
+ goto err_usage;
if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
if (!oldkdcdns) {
- /* Store the old kdc dns list for removing rights */
- oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (oldkdcdns == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- for (j=0; rparams->kdcservers[j] != NULL; j++) {
- oldkdcdns[j] = strdup(rparams->kdcservers[j]);
- if (oldkdcdns[j] == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- }
- oldkdcdns[j] = NULL;
- }
-
- krb5_free_list_entries(rparams->kdcservers);
- free(rparams->kdcservers);
- }
-
- rparams->kdcservers = (char **)malloc(
- sizeof(char *) * MAX_LIST_ENTRIES);
- if (rparams->kdcservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- rparams->kdcservers))) {
- goto cleanup;
- }
- mask |= LDAP_REALM_KDCSERVERS;
- /* Going to replace the existing value by this new value. Hence
- * setting flag indicating that add or clear options will be ignored
- */
- newkdcdn = 1;
- }
- else if (!strcmp(argv[i], "-clearkdcdn")) {
- if (++i > argc-1)
- goto err_usage;
- if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
+ /* Store the old kdc dns list for removing rights */
+ oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (oldkdcdns == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ for (j=0; rparams->kdcservers[j] != NULL; j++) {
+ oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+ if (oldkdcdns[j] == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ }
+ oldkdcdns[j] = NULL;
+ }
+
+ krb5_free_list_entries(rparams->kdcservers);
+ free(rparams->kdcservers);
+ }
+
+ rparams->kdcservers = (char **)malloc(
+ sizeof(char *) * MAX_LIST_ENTRIES);
+ if (rparams->kdcservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ rparams->kdcservers))) {
+ goto cleanup;
+ }
+ mask |= LDAP_REALM_KDCSERVERS;
+ /* Going to replace the existing value by this new value. Hence
+ * setting flag indicating that add or clear options will be ignored
+ */
+ newkdcdn = 1;
+ } else if (!strcmp(argv[i], "-clearkdcdn")) {
+ if (++i > argc-1)
+ goto err_usage;
+ if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
if (!oldkdcdns) {
/* Store the old kdc dns list for removing rights */
oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (oldkdcdns == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
-
+
for (j=0; rparams->kdcservers[j] != NULL; j++) {
- oldkdcdns[j] = strdup(rparams->kdcservers[j]);
- if (oldkdcdns[j] == NULL) {
+ oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+ if (oldkdcdns[j] == NULL) {
retval = ENOMEM;
goto cleanup;
- }
+ }
}
oldkdcdns[j] = NULL;
- }
+ }
memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
- goto cleanup;
- }
- list_modify_str_array(&rparams->kdcservers, (const char **)list,
- LIST_MODE_DELETE);
- mask |= LDAP_REALM_KDCSERVERS;
- krb5_free_list_entries(list);
- }
- }
- else if (!strcmp(argv[i], "-addkdcdn")) {
- if (++i > argc-1)
- goto err_usage;
- if (!newkdcdn) {
- if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) {
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+ goto cleanup;
+ }
+ list_modify_str_array(&rparams->kdcservers, (const char **)list,
+ LIST_MODE_DELETE);
+ mask |= LDAP_REALM_KDCSERVERS;
+ krb5_free_list_entries(list);
+ }
+ } else if (!strcmp(argv[i], "-addkdcdn")) {
+ if (++i > argc-1)
+ goto err_usage;
+ if (!newkdcdn) {
+ if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) {
/* Store the old kdc dns list for removing rights */
oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (oldkdcdns == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ for (j = 0; rparams->kdcservers[j] != NULL; j++) {
+ oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+ if (oldkdcdns[j] == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
}
-
- for (j = 0; rparams->kdcservers[j] != NULL; j++) {
- oldkdcdns[j] = strdup(rparams->kdcservers[j]);
- if (oldkdcdns[j] == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- }
- oldkdcdns[j] = NULL;
- }
+ oldkdcdns[j] = NULL;
+ }
memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
- goto cleanup;
- }
- existing_entries = list_count_str_array(rparams->kdcservers);
- list_entries = list_count_str_array(list);
- if (rmask & LDAP_REALM_KDCSERVERS) {
- tempstr = (char **)realloc(
- rparams->kdcservers,
- sizeof(char *) * (existing_entries+list_entries+1));
- if (tempstr == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- rparams->kdcservers = tempstr;
- }
- else {
- rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1));
- if (rparams->kdcservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1));
- }
- list_modify_str_array(&rparams->kdcservers, (const char **)list,
- LIST_MODE_ADD);
- mask |= LDAP_REALM_KDCSERVERS;
- }
- }
- else if (!strcmp(argv[i], "-admindn")) {
- if (++i > argc-1)
- goto err_usage;
-
- if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
- if (!oldadmindns) {
- /* Store the old admin dns list for removing rights */
- oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (oldadmindns == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- for (j=0; rparams->adminservers[j] != NULL; j++) {
- oldadmindns[j] = strdup(rparams->adminservers[j]);
- if (oldadmindns[j] == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- }
- oldadmindns[j] = NULL;
- }
-
- krb5_free_list_entries(rparams->adminservers);
- free(rparams->adminservers);
- }
-
- rparams->adminservers = (char **)malloc(
- sizeof(char *) * MAX_LIST_ENTRIES);
- if (rparams->adminservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- rparams->adminservers))) {
- goto cleanup;
- }
- mask |= LDAP_REALM_ADMINSERVERS;
- /* Going to replace the existing value by this new value. Hence
- * setting flag indicating that add or clear options will be ignored
- */
- newadmindn = 1;
- }
- else if (!strcmp(argv[i], "-clearadmindn")) {
- if (++i > argc-1)
- goto err_usage;
-
- if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+ goto cleanup;
+ }
+ existing_entries = list_count_str_array(rparams->kdcservers);
+ list_entries = list_count_str_array(list);
+ if (rmask & LDAP_REALM_KDCSERVERS) {
+ tempstr = (char **)realloc(
+ rparams->kdcservers,
+ sizeof(char *) * (existing_entries+list_entries+1));
+ if (tempstr == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ rparams->kdcservers = tempstr;
+ } else {
+ rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+ if (rparams->kdcservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1));
+ }
+ list_modify_str_array(&rparams->kdcservers, (const char **)list,
+ LIST_MODE_ADD);
+ mask |= LDAP_REALM_KDCSERVERS;
+ }
+ } else if (!strcmp(argv[i], "-admindn")) {
+ if (++i > argc-1)
+ goto err_usage;
+
+ if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
if (!oldadmindns) {
- /* Store the old admin dns list for removing rights */
+ /* Store the old admin dns list for removing rights */
oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (oldadmindns == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
-
+
for (j=0; rparams->adminservers[j] != NULL; j++) {
- oldadmindns[j] = strdup(rparams->adminservers[j]);
- if (oldadmindns[j] == NULL) {
+ oldadmindns[j] = strdup(rparams->adminservers[j]);
+ if (oldadmindns[j] == NULL) {
retval = ENOMEM;
goto cleanup;
- }
+ }
}
oldadmindns[j] = NULL;
- }
-
- memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
- goto cleanup;
- }
- list_modify_str_array(&rparams->adminservers, (const char **)list,
- LIST_MODE_DELETE);
- mask |= LDAP_REALM_ADMINSERVERS;
- krb5_free_list_entries(list);
- }
- }
- else if (!strcmp(argv[i], "-addadmindn")) {
- if (++i > argc-1)
- goto err_usage;
- if (!newadmindn) {
+ }
+
+ krb5_free_list_entries(rparams->adminservers);
+ free(rparams->adminservers);
+ }
+
+ rparams->adminservers = (char **)malloc(
+ sizeof(char *) * MAX_LIST_ENTRIES);
+ if (rparams->adminservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ rparams->adminservers))) {
+ goto cleanup;
+ }
+ mask |= LDAP_REALM_ADMINSERVERS;
+ /* Going to replace the existing value by this new value. Hence
+ * setting flag indicating that add or clear options will be ignored
+ */
+ newadmindn = 1;
+ } else if (!strcmp(argv[i], "-clearadmindn")) {
+ if (++i > argc-1)
+ goto err_usage;
+
+ if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
+ if (!oldadmindns) {
+ /* Store the old admin dns list for removing rights */
+ oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (oldadmindns == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ for (j=0; rparams->adminservers[j] != NULL; j++) {
+ oldadmindns[j] = strdup(rparams->adminservers[j]);
+ if (oldadmindns[j] == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ }
+ oldadmindns[j] = NULL;
+ }
+
+ memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+ goto cleanup;
+ }
+ list_modify_str_array(&rparams->adminservers, (const char **)list,
+ LIST_MODE_DELETE);
+ mask |= LDAP_REALM_ADMINSERVERS;
+ krb5_free_list_entries(list);
+ }
+ } else if (!strcmp(argv[i], "-addadmindn")) {
+ if (++i > argc-1)
+ goto err_usage;
+ if (!newadmindn) {
if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers) && (!oldadmindns)) {
/* Store the old admin dns list for removing rights */
oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (oldadmindns == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
-
+
for (j=0; rparams->adminservers[j] != NULL; j++) {
- oldadmindns[j] = strdup(rparams->adminservers[j]);
- if (oldadmindns[j] == NULL) {
+ oldadmindns[j] = strdup(rparams->adminservers[j]);
+ if (oldadmindns[j] == NULL) {
retval = ENOMEM;
goto cleanup;
- }
+ }
}
oldadmindns[j] = NULL;
- }
-
- memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
- goto cleanup;
- }
- existing_entries = list_count_str_array(rparams->adminservers);
- list_entries = list_count_str_array(list);
- if (rmask & LDAP_REALM_ADMINSERVERS) {
- tempstr = (char **)realloc(
- rparams->adminservers,
- sizeof(char *) * (existing_entries+list_entries+1));
- if (tempstr == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- rparams->adminservers = tempstr;
- }
- else {
- rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1));
- if (rparams->adminservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1));
- }
- list_modify_str_array(&rparams->adminservers, (const char **)list,
- LIST_MODE_ADD);
- mask |= LDAP_REALM_ADMINSERVERS;
- }
- }
- else if (!strcmp(argv[i], "-pwddn")) {
- if (++i > argc-1)
- goto err_usage;
-
- if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
- if (!oldpwddns) {
- /* Store the old pwd dns list for removing rights */
- oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (oldpwddns == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- for (j=0; rparams->passwdservers[j] != NULL; j++) {
- oldpwddns[j] = strdup(rparams->passwdservers[j]);
- if (oldpwddns[j] == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- }
- oldpwddns[j] = NULL;
- }
-
- krb5_free_list_entries(rparams->passwdservers);
- free(rparams->passwdservers);
- }
-
- rparams->passwdservers = (char **)malloc(
- sizeof(char *) * MAX_LIST_ENTRIES);
- if (rparams->passwdservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- rparams->passwdservers))) {
- goto cleanup;
- }
- mask |= LDAP_REALM_PASSWDSERVERS;
- /* Going to replace the existing value by this new value. Hence
- * setting flag indicating that add or clear options will be ignored
- */
- newpwddn = 1;
- }
- else if (!strcmp(argv[i], "-clearpwddn")) {
- if (++i > argc-1)
- goto err_usage;
-
- if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
- if (!oldpwddns) {
+ }
+
+ memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+ goto cleanup;
+ }
+ existing_entries = list_count_str_array(rparams->adminservers);
+ list_entries = list_count_str_array(list);
+ if (rmask & LDAP_REALM_ADMINSERVERS) {
+ tempstr = (char **)realloc(
+ rparams->adminservers,
+ sizeof(char *) * (existing_entries+list_entries+1));
+ if (tempstr == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ rparams->adminservers = tempstr;
+ } else {
+ rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+ if (rparams->adminservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1));
+ }
+ list_modify_str_array(&rparams->adminservers, (const char **)list,
+ LIST_MODE_ADD);
+ mask |= LDAP_REALM_ADMINSERVERS;
+ }
+ } else if (!strcmp(argv[i], "-pwddn")) {
+ if (++i > argc-1)
+ goto err_usage;
+
+ if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
+ if (!oldpwddns) {
/* Store the old pwd dns list for removing rights */
oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (oldpwddns == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
-
+
for (j=0; rparams->passwdservers[j] != NULL; j++) {
- oldpwddns[j] = strdup(rparams->passwdservers[j]);
- if (oldpwddns[j] == NULL) {
+ oldpwddns[j] = strdup(rparams->passwdservers[j]);
+ if (oldpwddns[j] == NULL) {
retval = ENOMEM;
goto cleanup;
- }
+ }
}
oldpwddns[j] = NULL;
- }
-
- memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
- goto cleanup;
- }
- list_modify_str_array(&rparams->passwdservers, (const char**)list,
- LIST_MODE_DELETE);
- mask |= LDAP_REALM_PASSWDSERVERS;
- krb5_free_list_entries(list);
- }
- }
- else if (!strcmp(argv[i], "-addpwddn")) {
- if (++i > argc-1)
- goto err_usage;
- if (!newpwddn) {
- if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) {
+ }
+
+ krb5_free_list_entries(rparams->passwdservers);
+ free(rparams->passwdservers);
+ }
+
+ rparams->passwdservers = (char **)malloc(
+ sizeof(char *) * MAX_LIST_ENTRIES);
+ if (rparams->passwdservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ rparams->passwdservers))) {
+ goto cleanup;
+ }
+ mask |= LDAP_REALM_PASSWDSERVERS;
+ /* Going to replace the existing value by this new value. Hence
+ * setting flag indicating that add or clear options will be ignored
+ */
+ newpwddn = 1;
+ } else if (!strcmp(argv[i], "-clearpwddn")) {
+ if (++i > argc-1)
+ goto err_usage;
+
+ if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
+ if (!oldpwddns) {
+ /* Store the old pwd dns list for removing rights */
+ oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (oldpwddns == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ for (j=0; rparams->passwdservers[j] != NULL; j++) {
+ oldpwddns[j] = strdup(rparams->passwdservers[j]);
+ if (oldpwddns[j] == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ }
+ oldpwddns[j] = NULL;
+ }
+
+ memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+ goto cleanup;
+ }
+ list_modify_str_array(&rparams->passwdservers, (const char**)list,
+ LIST_MODE_DELETE);
+ mask |= LDAP_REALM_PASSWDSERVERS;
+ krb5_free_list_entries(list);
+ }
+ } else if (!strcmp(argv[i], "-addpwddn")) {
+ if (++i > argc-1)
+ goto err_usage;
+ if (!newpwddn) {
+ if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) {
/* Store the old pwd dns list for removing rights */
oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (oldpwddns == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
-
+
for (j=0; rparams->passwdservers[j] != NULL; j++) {
- oldpwddns[j] = strdup(rparams->passwdservers[j]);
- if (oldpwddns[j] == NULL) {
+ oldpwddns[j] = strdup(rparams->passwdservers[j]);
+ if (oldpwddns[j] == NULL) {
retval = ENOMEM;
goto cleanup;
- }
+ }
}
oldpwddns[j] = NULL;
- }
-
- memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
- goto cleanup;
- }
- existing_entries = list_count_str_array(rparams->passwdservers);
- list_entries = list_count_str_array(list);
- if (rmask & LDAP_REALM_PASSWDSERVERS) {
- tempstr = (char **)realloc(
- rparams->passwdservers,
- sizeof(char *) * (existing_entries+list_entries+1));
- if (tempstr == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- rparams->passwdservers = tempstr;
- }
- else {
- rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1));
- if (rparams->passwdservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1));
- }
- list_modify_str_array(&rparams->passwdservers, (const char**)list,
- LIST_MODE_ADD);
- mask |= LDAP_REALM_PASSWDSERVERS;
- }
- }
+ }
+
+ memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+ goto cleanup;
+ }
+ existing_entries = list_count_str_array(rparams->passwdservers);
+ list_entries = list_count_str_array(list);
+ if (rmask & LDAP_REALM_PASSWDSERVERS) {
+ tempstr = (char **)realloc(
+ rparams->passwdservers,
+ sizeof(char *) * (existing_entries+list_entries+1));
+ if (tempstr == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ rparams->passwdservers = tempstr;
+ } else {
+ rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+ if (rparams->passwdservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1));
+ }
+ list_modify_str_array(&rparams->passwdservers, (const char**)list,
+ LIST_MODE_ADD);
+ mask |= LDAP_REALM_PASSWDSERVERS;
+ }
+ }
#endif
- else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0)
- {
- mask|=ret_mask;
+ else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+ mask|=ret_mask;
+ } else {
+ printf("'%s' is an invalid option\n", argv[i]);
+ goto err_usage;
}
- else {
- printf("'%s' is an invalid option\n", argv[i]);
- goto err_usage;
- }
}
- if ((retval = krb5_ldap_modify_realm(util_context,
- /* global_params.realm, */ rparams, mask))) {
- goto cleanup;
+ if ((retval = krb5_ldap_modify_realm(util_context,
+ /* global_params.realm, */ rparams, mask))) {
+ goto cleanup;
}
#ifdef HAVE_EDIRECTORY
- if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS) ||
+ if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS) ||
(mask & LDAP_REALM_ADMINSERVERS) || (mask & LDAP_REALM_PASSWDSERVERS)) {
printf("Changing rights for the service object. Please wait ... ");
- fflush(stdout);
-
- if( !(mask & LDAP_REALM_SUBTREE) ) {
- if( rparams->subtree != NULL ) {
+ fflush(stdout);
+
+ if (!(mask & LDAP_REALM_SUBTREE)) {
+ if (rparams->subtree != NULL) {
oldsubtree = strdup(rparams->subtree);
- if( oldsubtree == NULL ) {
+ if (oldsubtree == NULL) {
retval = ENOMEM;
goto cleanup;
}
}
}
- if( (mask & LDAP_REALM_SUBTREE) ) {
- if( (oldsubtree && !rparams->subtree) ||
- (!oldsubtree && rparams->subtree) ||
- (strcmp( oldsubtree, rparams->subtree) != 0) ) {
+ if ((mask & LDAP_REALM_SUBTREE)) {
+ if ((oldsubtree && !rparams->subtree) ||
+ (!oldsubtree && rparams->subtree) ||
+ (strcmp(oldsubtree, rparams->subtree) != 0)) {
subtree_changed = 1;
- }
+ }
}
- if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS) ) {
+ if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS)) {
newkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (newkdcdns == NULL) {
retval = ENOMEM;
goto cleanup;
}
-
- if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) {
+
+ if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
for (j=0; rparams->kdcservers[j]!= NULL; j++) {
newkdcdns[j] = strdup(rparams->kdcservers[j]);
if (newkdcdns[j] == NULL) {
}
newkdcdns[j] = NULL;
}
-
- if( !subtree_changed ) {
- disjoint_members( oldkdcdns, newkdcdns);
- }
- else { /* Only the subtree was changed. Remove the rights on the old subtree. */
+
+ if (!subtree_changed) {
+ disjoint_members(oldkdcdns, newkdcdns);
+ } else { /* Only the subtree was changed. Remove the rights on the old subtree. */
if (!(mask & LDAP_REALM_KDCSERVERS)) {
oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
retval = ENOMEM;
goto cleanup;
}
-
- if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) {
+
+ if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
for (j=0; rparams->kdcservers[j]!= NULL; j++) {
oldkdcdns[j] = strdup(rparams->kdcservers[j]);
if (oldkdcdns[j] == NULL) {
}
}
oldkdcdns[j] = NULL;
- }
+ }
}
}
-
+
rightsmask =0;
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
/* Remove the rights on the old subtree */
- if ( oldkdcdns ) {
- for ( i=0; (oldkdcdns[i] != NULL); i++) {
- if((retval=krb5_ldap_delete_service_rights(util_context,
- LDAP_KDC_SERVICE, oldkdcdns[i],
- rparams->realm_name, oldsubtree, rightsmask )) != 0) {
+ if (oldkdcdns) {
+ for (i=0; (oldkdcdns[i] != NULL); i++) {
+ if ((retval=krb5_ldap_delete_service_rights(util_context,
+ LDAP_KDC_SERVICE, oldkdcdns[i],
+ rparams->realm_name, oldsubtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights '%s'",
- rparams->realm_name);
+ rparams->realm_name);
goto err_nomsg;
}
}
}
-
+
rightsmask =0;
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
- if ( newkdcdns ) {
- for ( i=0; (newkdcdns[i] != NULL); i++) {
-
- if((retval=krb5_ldap_add_service_rights(util_context,
- LDAP_KDC_SERVICE, newkdcdns[i], rparams->realm_name,
- rparams->subtree, rightsmask )) != 0) {
+ if (newkdcdns) {
+ for (i=0; (newkdcdns[i] != NULL); i++) {
+
+ if ((retval=krb5_ldap_add_service_rights(util_context,
+ LDAP_KDC_SERVICE, newkdcdns[i], rparams->realm_name,
+ rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
goto err_nomsg;
}
}
}
}
- if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_ADMINSERVERS) ) {
+ if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_ADMINSERVERS)) {
newadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (newadmindns == NULL) {
retval = ENOMEM;
goto cleanup;
}
-
- if ( (rparams != NULL) && (rparams->adminservers != NULL) ) {
+
+ if ((rparams != NULL) && (rparams->adminservers != NULL)) {
for (j=0; rparams->adminservers[j]!= NULL; j++) {
newadmindns[j] = strdup(rparams->adminservers[j]);
if (newadmindns[j] == NULL) {
}
newadmindns[j] = NULL;
}
-
- if( !subtree_changed ) {
- disjoint_members( oldadmindns, newadmindns);
- }
- else { /* Only the subtree was changed. Remove the rights on the old subtree. */
+
+ if (!subtree_changed) {
+ disjoint_members(oldadmindns, newadmindns);
+ } else { /* Only the subtree was changed. Remove the rights on the old subtree. */
if (!(mask & LDAP_REALM_ADMINSERVERS)) {
oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
retval = ENOMEM;
goto cleanup;
}
-
- if ( (rparams != NULL) && (rparams->adminservers != NULL) ) {
+
+ if ((rparams != NULL) && (rparams->adminservers != NULL)) {
for (j=0; rparams->adminservers[j]!= NULL; j++) {
oldadmindns[j] = strdup(rparams->adminservers[j]);
if (oldadmindns[j] == NULL) {
}
}
oldadmindns[j] = NULL;
- }
+ }
}
}
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
/* Remove the rights on the old subtree */
- if ( oldadmindns ) {
- for ( i=0; (oldadmindns[i] != NULL); i++) {
-
- if((retval=krb5_ldap_delete_service_rights( util_context,
- LDAP_ADMIN_SERVICE, oldadmindns[i],
- rparams->realm_name, oldsubtree, rightsmask )) != 0) {
+ if (oldadmindns) {
+ for (i=0; (oldadmindns[i] != NULL); i++) {
+
+ if ((retval=krb5_ldap_delete_service_rights(util_context,
+ LDAP_ADMIN_SERVICE, oldadmindns[i],
+ rparams->realm_name, oldsubtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights '%s'",
- rparams->realm_name);
+ rparams->realm_name);
goto err_nomsg;
- }
+ }
}
}
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
/* Add rights on the new subtree for all the kdc dns */
- if ( newadmindns ) {
- for ( i=0; (newadmindns[i] != NULL); i++) {
-
- if((retval=krb5_ldap_add_service_rights( util_context,
- LDAP_ADMIN_SERVICE, newadmindns[i],
- rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+ if (newadmindns) {
+ for (i=0; (newadmindns[i] != NULL); i++) {
+
+ if ((retval=krb5_ldap_add_service_rights(util_context,
+ LDAP_ADMIN_SERVICE, newadmindns[i],
+ rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
goto err_nomsg;
}
}
}
- if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_PASSWDSERVERS) ) {
+ if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_PASSWDSERVERS)) {
newpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (newpwddns == NULL) {
retval = ENOMEM;
goto cleanup;
}
-
- if ( (rparams != NULL) && (rparams->passwdservers != NULL) ) {
+
+ if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
for (j=0; rparams->passwdservers[j]!= NULL; j++) {
newpwddns[j] = strdup(rparams->passwdservers[j]);
if (newpwddns[j] == NULL) {
}
newpwddns[j] = NULL;
}
-
- if( !subtree_changed ) {
- disjoint_members( oldpwddns, newpwddns);
- }
- else { /* Only the subtree was changed. Remove the rights on the old subtree. */
+
+ if (!subtree_changed) {
+ disjoint_members(oldpwddns, newpwddns);
+ } else { /* Only the subtree was changed. Remove the rights on the old subtree. */
if (!(mask & LDAP_REALM_ADMINSERVERS)) {
oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
retval = ENOMEM;
goto cleanup;
}
-
- if ( (rparams != NULL) && (rparams->passwdservers != NULL) ) {
+
+ if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
for (j=0; rparams->passwdservers[j]!= NULL; j++) {
oldpwddns[j] = strdup(rparams->passwdservers[j]);
if (oldpwddns[j] == NULL) {
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
/* Remove the rights on the old subtree */
- if ( oldpwddns ) {
- for ( i=0; (oldpwddns[i] != NULL); i++) {
- if((retval = krb5_ldap_delete_service_rights( util_context,
- LDAP_PASSWD_SERVICE, oldpwddns[i],
- rparams->realm_name, oldsubtree, rightsmask))) {
+ if (oldpwddns) {
+ for (i=0; (oldpwddns[i] != NULL); i++) {
+ if ((retval = krb5_ldap_delete_service_rights(util_context,
+ LDAP_PASSWD_SERVICE, oldpwddns[i],
+ rparams->realm_name, oldsubtree, rightsmask))) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights '%s'",
- rparams->realm_name);
+ rparams->realm_name);
goto err_nomsg;
}
}
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
/* Add rights on the new subtree for all the kdc dns */
- if ( newpwddns ) {
- for ( i=0; (newpwddns[i] != NULL); i++) {
- if((retval = krb5_ldap_add_service_rights( util_context,
- LDAP_PASSWD_SERVICE, newpwddns[i],
- rparams->realm_name, rparams->subtree, rightsmask))) {
+ if (newpwddns) {
+ for (i=0; (newpwddns[i] != NULL); i++) {
+ if ((retval = krb5_ldap_add_service_rights(util_context,
+ LDAP_PASSWD_SERVICE, newpwddns[i],
+ rparams->realm_name, rparams->subtree, rightsmask))) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
goto err_nomsg;
}
}
}
}
-
+
printf("done\n");
}
#endif
-
+
goto cleanup;
err_usage:
print_usage = TRUE;
-
+
err_nomsg:
no_msg = TRUE;
-
+
cleanup:
krb5_ldap_free_realm_params(rparams);
#ifdef HAVE_EDIRECTORY
if (oldkdcdns) {
- for ( i=0; oldkdcdns[i] != NULL; i++)
+ for (i=0; oldkdcdns[i] != NULL; i++)
free(oldkdcdns[i]);
free(oldkdcdns);
}
if (oldpwddns) {
- for ( i=0; oldpwddns[i] != NULL; i++)
+ for (i=0; oldpwddns[i] != NULL; i++)
free(oldpwddns[i]);
- free(oldpwddns);
+ free(oldpwddns);
}
if (oldadmindns) {
- for ( i=0; oldadmindns[i] != NULL; i++)
+ for (i=0; oldadmindns[i] != NULL; i++)
free(oldadmindns[i]);
- free(oldadmindns);
+ free(oldadmindns);
}
if (newkdcdns) {
- for ( i=0; newkdcdns[i] != NULL; i++)
+ for (i=0; newkdcdns[i] != NULL; i++)
free(newkdcdns[i]);
free(newkdcdns);
}
if (newpwddns) {
- for ( i=0; newpwddns[i] != NULL; i++)
+ for (i=0; newpwddns[i] != NULL; i++)
free(newpwddns[i]);
- free(newpwddns);
+ free(newpwddns);
}
if (newadmindns) {
- for ( i=0; newadmindns[i] != NULL; i++)
+ for (i=0; newadmindns[i] != NULL; i++)
free(newadmindns[i]);
- free(newadmindns);
+ free(newadmindns);
}
if (oldsubtree)
free(oldsubtree);
#endif
if (print_usage) {
- db_usage(MODIFY_REALM);
+ db_usage(MODIFY_REALM);
}
if (retval) {
- if (!no_msg)
- com_err(argv[0], retval, "while modifying information of realm '%s'",
- global_params.realm);
- exit_status++;
+ if (!no_msg)
+ com_err(argv[0], retval, "while modifying information of realm '%s'",
+ global_params.realm);
+ exit_status++;
}
return;
dal_handle = (kdb5_dal_handle *) util_context->db_context;
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
if (!(ldap_context)) {
- retval = EINVAL;
- com_err(argv[0], retval, "while initializing database");
- exit_status++;
- return;
+ retval = EINVAL;
+ com_err(argv[0], retval, "while initializing database");
+ exit_status++;
+ return;
}
/* Read the kerberos container information */
- if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer))) != 0) {
- com_err(argv[0], retval, "while reading kerberos container information");
- exit_status++;
- return;
+ if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+ &(ldap_context->krbcontainer))) != 0) {
+ com_err(argv[0], retval, "while reading kerberos container information");
+ exit_status++;
+ return;
}
if ((retval = krb5_ldap_read_realm_params(util_context,
- global_params.realm, &rparams, &mask)) || (!rparams)) {
- com_err(argv[0], retval, "while reading information of realm '%s'",
- global_params.realm);
- exit_status++;
- return;
+ global_params.realm, &rparams, &mask)) || (!rparams)) {
+ com_err(argv[0], retval, "while reading information of realm '%s'",
+ global_params.realm);
+ exit_status++;
+ return;
}
print_realm_params(rparams, mask);
krb5_ldap_free_realm_params(rparams);
}
static char *strdur(duration)
- time_t duration;
+ time_t duration;
{
- static char out[50];
- int neg, days, hours, minutes, seconds;
-
- if (duration < 0) {
- duration *= -1;
- neg = 1;
- } else
- neg = 0;
- days = duration / (24 * 3600);
- duration %= 24 * 3600;
- hours = duration / 3600;
- duration %= 3600;
- minutes = duration / 60;
- duration %= 60;
- seconds = duration;
- sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
- days, days == 1 ? "day" : "days",
- hours, minutes, seconds);
- return out;
+ static char out[50];
+ int neg, days, hours, minutes, seconds;
+
+ if (duration < 0) {
+ duration *= -1;
+ neg = 1;
+ } else
+ neg = 0;
+ days = duration / (24 * 3600);
+ duration %= 24 * 3600;
+ hours = duration / 3600;
+ duration %= 3600;
+ minutes = duration / 60;
+ duration %= 60;
+ seconds = duration;
+ sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
+ days, days == 1 ? "day" : "days",
+ hours, minutes, seconds);
+ return out;
}
/*
/* Print the Realm Attributes on the standard output */
printf("%25s: %-50s\n", "Realm Name", global_params.realm);
if (mask & LDAP_REALM_SUBTREE)
- printf("%25s: %-50s\n", "Subtree", rparams->subtree);
+ printf("%25s: %-50s\n", "Subtree", rparams->subtree);
if (mask & LDAP_REALM_SEARCHSCOPE) {
- if ((rparams->search_scope != 1) &&
- (rparams->search_scope != 2)) {
- printf("%25s: %-50s\n", "SearchScope", "Invalid !");
- }
- else {
- printf("%25s: %-50s\n", "SearchScope",
- (rparams->search_scope == 1) ? "ONE" : "SUB");
- }
+ if ((rparams->search_scope != 1) &&
+ (rparams->search_scope != 2)) {
+ printf("%25s: %-50s\n", "SearchScope", "Invalid !");
+ } else {
+ printf("%25s: %-50s\n", "SearchScope",
+ (rparams->search_scope == 1) ? "ONE" : "SUB");
+ }
}
if (mask & LDAP_REALM_KDCSERVERS) {
- printf("%25s:", "KDC Services");
- if (rparams->kdcservers != NULL) {
- num_entry_printed = 0;
- for(slist = rparams->kdcservers; *slist != NULL; slist++) {
- if (num_entry_printed)
- printf(" %25s %-50s\n", " ", *slist);
- else
- printf(" %-50s\n", *slist);
- num_entry_printed++;
- }
- }
- if (num_entry_printed == 0)
- printf("\n");
+ printf("%25s:", "KDC Services");
+ if (rparams->kdcservers != NULL) {
+ num_entry_printed = 0;
+ for (slist = rparams->kdcservers; *slist != NULL; slist++) {
+ if (num_entry_printed)
+ printf(" %25s %-50s\n", " ", *slist);
+ else
+ printf(" %-50s\n", *slist);
+ num_entry_printed++;
+ }
+ }
+ if (num_entry_printed == 0)
+ printf("\n");
}
if (mask & LDAP_REALM_ADMINSERVERS) {
- printf("%25s:", "Admin Services");
- if (rparams->adminservers != NULL) {
- num_entry_printed = 0;
- for(slist = rparams->adminservers; *slist != NULL; slist++) {
- if (num_entry_printed)
- printf(" %25s %-50s\n", " ", *slist);
- else
- printf(" %-50s\n", *slist);
- num_entry_printed++;
- }
- }
- if (num_entry_printed == 0)
- printf("\n");
+ printf("%25s:", "Admin Services");
+ if (rparams->adminservers != NULL) {
+ num_entry_printed = 0;
+ for (slist = rparams->adminservers; *slist != NULL; slist++) {
+ if (num_entry_printed)
+ printf(" %25s %-50s\n", " ", *slist);
+ else
+ printf(" %-50s\n", *slist);
+ num_entry_printed++;
+ }
+ }
+ if (num_entry_printed == 0)
+ printf("\n");
}
if (mask & LDAP_REALM_PASSWDSERVERS) {
- printf("%25s:", "Passwd Services");
- if (rparams->passwdservers != NULL) {
- num_entry_printed = 0;
- for(slist = rparams->passwdservers; *slist != NULL; slist++) {
- if (num_entry_printed)
- printf(" %25s %-50s\n", " ", *slist);
- else
- printf(" %-50s\n", *slist);
- num_entry_printed++;
- }
- }
- if (num_entry_printed == 0)
- printf("\n");
+ printf("%25s:", "Passwd Services");
+ if (rparams->passwdservers != NULL) {
+ num_entry_printed = 0;
+ for (slist = rparams->passwdservers; *slist != NULL; slist++) {
+ if (num_entry_printed)
+ printf(" %25s %-50s\n", " ", *slist);
+ else
+ printf(" %-50s\n", *slist);
+ num_entry_printed++;
+ }
+ }
+ if (num_entry_printed == 0)
+ printf("\n");
}
if (mask & LDAP_REALM_MAXTICKETLIFE) {
- printf("%25s:", "Maximum Ticket Life");
- printf(" %s \n", strdur(rparams->max_life));
+ printf("%25s:", "Maximum Ticket Life");
+ printf(" %s \n", strdur(rparams->max_life));
}
if (mask & LDAP_REALM_MAXRENEWLIFE) {
- printf("%25s:", "Maximum Renewable Life");
- printf(" %s \n", strdur(rparams->max_renewable_life));
+ printf("%25s:", "Maximum Renewable Life");
+ printf(" %s \n", strdur(rparams->max_renewable_life));
}
if (mask & LDAP_REALM_KRBTICKETFLAGS) {
- int ticketflags = rparams->tktflags;
+ int ticketflags = rparams->tktflags;
- printf("%25s: ", "Ticket flags");
- if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
- printf("%s ","DISALLOW_POSTDATED");
+ printf("%25s: ", "Ticket flags");
+ if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+ printf("%s ","DISALLOW_POSTDATED");
- if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
- printf("%s ","DISALLOW_FORWARDABLE");
+ if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+ printf("%s ","DISALLOW_FORWARDABLE");
- if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
- printf("%s ","DISALLOW_RENEWABLE");
+ if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+ printf("%s ","DISALLOW_RENEWABLE");
- if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
- printf("%s ","DISALLOW_PROXIABLE");
+ if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+ printf("%s ","DISALLOW_PROXIABLE");
- if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
- printf("%s ","DISALLOW_DUP_SKEY");
+ if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+ printf("%s ","DISALLOW_DUP_SKEY");
- if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
- printf("%s ","REQUIRES_PRE_AUTH");
+ if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+ printf("%s ","REQUIRES_PRE_AUTH");
- if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
- printf("%s ","REQUIRES_HW_AUTH");
+ if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+ printf("%s ","REQUIRES_HW_AUTH");
- if (ticketflags & KRB5_KDB_DISALLOW_SVR)
- printf("%s ","DISALLOW_SVR");
+ if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+ printf("%s ","DISALLOW_SVR");
- if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
- printf("%s ","DISALLOW_TGT_BASED");
+ if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+ printf("%s ","DISALLOW_TGT_BASED");
- if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
- printf("%s ","DISALLOW_ALL_TIX");
+ if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+ printf("%s ","DISALLOW_ALL_TIX");
- if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
- printf("%s ","REQUIRES_PWCHANGE");
+ if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+ printf("%s ","REQUIRES_PWCHANGE");
- if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
- printf("%s ","PWCHANGE_SERVICE");
+ if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+ printf("%s ","PWCHANGE_SERVICE");
- printf("\n");
+ printf("\n");
}
dal_handle = (kdb5_dal_handle *)util_context->db_context;
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
if (!(ldap_context)) {
- retval = EINVAL;
- exit_status++;
- return;
+ retval = EINVAL;
+ exit_status++;
+ return;
}
/* Read the kerberos container information */
- if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer))) != 0) {
- com_err(argv[0], retval, "while reading kerberos container information");
- exit_status++;
- return;
+ if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+ &(ldap_context->krbcontainer))) != 0) {
+ com_err(argv[0], retval, "while reading kerberos container information");
+ exit_status++;
+ return;
}
-
+
retval = krb5_ldap_list_realm(util_context, &list);
if (retval != 0) {
- krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
+ krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
ldap_context->krbcontainer = NULL;
- com_err (argv[0], retval, "while listing realms");
- exit_status++;
- return;
+ com_err (argv[0], retval, "while listing realms");
+ exit_status++;
+ return;
}
/* This is to handle the case of realm not present */
if (list == NULL) {
- krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
+ krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
ldap_context->krbcontainer = NULL;
- return;
+ return;
}
-
- for(plist = list; *plist != NULL; plist++) {
- printf("%s\n", *plist);
+
+ for (plist = list; *plist != NULL; plist++) {
+ printf("%s\n", *plist);
}
krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
ldap_context->krbcontainer = NULL;
/*
- * This function creates service principals when
+ * This function creates service principals when
* creating the realm object.
*/
static int
krb5_ldap_context *ldap_context=NULL;
if ((pblock == NULL) || (context == NULL)) {
- retval = EINVAL;
- goto cleanup;
+ retval = EINVAL;
+ goto cleanup;
}
dal_handle = (kdb5_dal_handle *) context->db_context;
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
if (!(ldap_context)) {
- retval = EINVAL;
- goto cleanup;
+ retval = EINVAL;
+ goto cleanup;
}
memset(&entry, 0, sizeof(entry));
-
+
tl_data = malloc(sizeof(*tl_data));
if (tl_data == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
memset(tl_data, 0, sizeof(*tl_data));
tl_data->tl_data_length = 1 + 2 + 2 + 1 + 2 + 4;
tl_data->tl_data_type = 7; /* KDB_TL_USER_INFO */
curr = tl_data->tl_data_contents = malloc(tl_data->tl_data_length);
if (tl_data->tl_data_contents == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
-
+
memset(curr, 1, 1); /* Passing the mask as principal type */
curr += 1;
currlen = 2;
curr += currlen;
STORE16_INT(curr, princtype);
curr += currlen;
-
+
mask |= KDB_PRINCIPAL;
mask |= KDB_ATTRIBUTES ;
mask |= KDB_MAX_LIFE ;
goto cleanup;
/* Allocate memory for storing the key */
- if ((entry.key_data = (krb5_key_data *) malloc(
- (sizeof(krb5_key_data)*(entry.n_key_data + 1)))) == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ if ((entry.key_data = (krb5_key_data *) malloc(
+ (sizeof(krb5_key_data)*(entry.n_key_data + 1)))) == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
}
-
+
memset(entry.key_data + entry.n_key_data, 0, sizeof(krb5_key_data));
entry.n_key_data++;
- switch (op)
- {
+ switch (op) {
case TGT_KEY:
retval = krb5_c_make_random_key(context, 16, &key) ;
- if( retval ) {
+ if (retval) {
goto cleanup;
}
-
+
kvno = 1; /* New key is getting set */
- retval = krb5_dbekd_encrypt_key_data(context,
- &ldap_context->lrparams->mkey,
- &key, NULL, kvno,
- &entry.key_data[entry.n_key_data - 1]);
- if( retval ) {
+ retval = krb5_dbekd_encrypt_key_data(context,
+ &ldap_context->lrparams->mkey,
+ &key, NULL, kvno,
+ &entry.key_data[entry.n_key_data - 1]);
+ if (retval) {
goto cleanup;
}
krb5_free_keyblock_contents(context, &key);
case MASTER_KEY:
kvno = 1; /* New key is getting set */
retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
- &ldap_context->lrparams->mkey, NULL, kvno,
- &entry.key_data[entry.n_key_data - 1]);
- if( retval ) {
+ &ldap_context->lrparams->mkey, NULL, kvno,
+ &entry.key_data[entry.n_key_data - 1]);
+ if (retval) {
goto cleanup;
}
break;
default:
break;
} /* end of switch */
-
+
retval = krb5_ldap_put_principal(context, &entry, &nentry, NULL);
- if( retval ) {
- com_err(NULL, retval, "while adding entries to database");
- goto cleanup;
+ if (retval) {
+ com_err(NULL, retval, "while adding entries to database");
+ goto cleanup;
}
-
- cleanup:
- krb5_dbe_free_contents( context, &entry);
+
+cleanup:
+ krb5_dbe_free_contents(context, &entry);
return retval;
}
int mask = 0;
kdb5_dal_handle *dal_handle = NULL;
krb5_ldap_context *ldap_context = NULL;
-#ifdef HAVE_EDIRECTORY
+#ifdef HAVE_EDIRECTORY
int i = 0, rightsmask = 0;
krb5_ldap_realm_params *rparams = NULL;
#endif
optind = 1;
while ((optchar = getopt(argc, argv, "f")) != -1) {
- switch(optchar) {
+ switch (optchar) {
case 'f':
force++;
break;
dal_handle = (kdb5_dal_handle *)util_context->db_context;
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
if (!(ldap_context)) {
- com_err(argv[0], EINVAL, "while initializing database");
- exit_status++;
- return;
+ com_err(argv[0], EINVAL, "while initializing database");
+ exit_status++;
+ return;
}
-
+
/* Read the kerberos container from the LDAP Server */
- if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer))) != 0) {
- com_err(argv[0], retval, "while reading kerberos container information");
- exit_status++;
- return;
+ if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+ &(ldap_context->krbcontainer))) != 0) {
+ com_err(argv[0], retval, "while reading kerberos container information");
+ exit_status++;
+ return;
}
/* Read the Realm information from the LDAP Server */
if ((retval = krb5_ldap_read_realm_params(util_context, global_params.realm,
- &(ldap_context->lrparams), &mask)) != 0) {
- com_err(argv[0], retval, "while reading realm information");
- exit_status++;
- return;
+ &(ldap_context->lrparams), &mask)) != 0) {
+ com_err(argv[0], retval, "while reading realm information");
+ exit_status++;
+ return;
}
#ifdef HAVE_EDIRECTORY
- if( (mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
- (mask & LDAP_REALM_PASSWDSERVERS) ) {
-
+ if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
+ (mask & LDAP_REALM_PASSWDSERVERS)) {
+
printf("Changing rights for the service object. Please wait ... ");
fflush(stdout);
rightsmask = 0;
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
- if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) {
- for ( i=0; (rparams->kdcservers[i] != NULL); i++) {
- if((retval = krb5_ldap_delete_service_rights( util_context,
- LDAP_KDC_SERVICE, rparams->kdcservers[i],
- rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+ if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+ for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+ if ((retval = krb5_ldap_delete_service_rights(util_context,
+ LDAP_KDC_SERVICE, rparams->kdcservers[i],
+ rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
return;
}
}
rightsmask = 0;
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
- if ( (rparams != NULL) && (rparams->adminservers != NULL) ) {
- for ( i=0; (rparams->adminservers[i] != NULL); i++) {
- if((retval = krb5_ldap_delete_service_rights( util_context,
- LDAP_ADMIN_SERVICE, rparams->adminservers[i],
- rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+ if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+ for (i=0; (rparams->adminservers[i] != NULL); i++) {
+ if ((retval = krb5_ldap_delete_service_rights(util_context,
+ LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+ rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
return;
}
}
rightsmask = 0;
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
- if( (rparams != NULL) && (rparams->passwdservers != NULL) ) {
- for ( i=0; (rparams->passwdservers[i] != NULL); i++) {
- if((retval = krb5_ldap_delete_service_rights( util_context,
- LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
- rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+ if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+ for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+ if ((retval = krb5_ldap_delete_service_rights(util_context,
+ LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+ rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
com_err(argv[0], retval, "while assigning rights to '%s'",
- rparams->realm_name);
+ rparams->realm_name);
return;
}
}
/* Delete the realm container and all the associated principals */
retval = krb5_ldap_delete_realm(util_context, global_params.realm);
if (retval) {
- com_err(argv[0], retval, "deleting database of '%s'", global_params.realm);
- exit_status++;
- return;
+ com_err(argv[0], retval, "deleting database of '%s'", global_params.realm);
+ exit_status++;
+ return;
}
printf("** Database of '%s' destroyed.\n", global_params.realm);
/*
* kadmin/ldap_util/kdb5_ldap_realm.h
*/
-
+
/* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
+ * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * POSSIBILITY OF SUCH DAMAGE.
*/
#define MAX_KRB_CONTAINER_LEN 256
/* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
+ * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * POSSIBILITY OF SUCH DAMAGE.
*/
/*
#ifdef HAVE_EDIRECTORY
krb5_error_code
-rem_service_entry_from_file( int argc,
- char *argv[],
- char *file_name,
- char *service_object );
+rem_service_entry_from_file(int argc,
+ char *argv[],
+ char *file_name,
+ char *service_object);
extern char *yes;
extern krb5_boolean db_inited;
/* Protocol and port number processing */
for (j = 0; host_list[j]; j++) {
- /* Look for one hash */
- if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) {
- unsigned int hostname_len = pchr - host_list[j];
-
- /* Check input for buffer overflow */
- if (hostname_len >= MAX_LEN_LIST_ENTRY) {
- retval = EINVAL;
- goto cleanup;
- }
-
- /* First copy off the host name portion */
- strncpy (host_str, host_list[j], hostname_len);
-
- /* Parse for the protocol string and translate to number */
- strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);
- if (!strcmp(proto_str, "udp"))
- sprintf (proto_str, "%d", PROTOCOL_NUM_UDP);
- else if (!strcmp(proto_str, "tcp"))
- sprintf (proto_str, "%d", PROTOCOL_NUM_TCP);
- else
- proto_str[0] = '\0'; /* Make the string null if invalid */
-
- /* Look for one more hash */
- if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) {
- /* Parse for the port string and check if it is numeric */
- strncpy (port_str, pchr + 1, PORT_STR_LEN);
- if (!strtol(port_str, NULL, 10)) /* Not a valid number */
- port_str[0] = '\0';
- }
- else
- port_str[0] = '\0';
- }
- else { /* We have only host name */
- strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1);
- proto_str[0] = '\0';
- port_str[0] = '\0';
- }
-
- /* Now, based on service type, fill in suitable protocol
- and port values if they are absent or not matching */
- if (servicetype == LDAP_KDC_SERVICE) {
- if (proto_str[0] == '\0')
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_KDC);
-
- if (port_str[0] == '\0')
- sprintf (port_str, "%d", PORT_DEFAULT_KDC);
- }
- else if (servicetype == LDAP_ADMIN_SERVICE) {
- if (proto_str[0] == '\0')
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
- else if (strcmp(proto_str, "1")) {
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
-
- /* Print warning message */
- printf ("Admin Server supports only TCP protocol, hence setting that\n");
- }
-
- if (port_str[0] == '\0')
- sprintf (port_str, "%d", PORT_DEFAULT_ADM);
- }
- else if (servicetype == LDAP_PASSWD_SERVICE) {
- if (proto_str[0] == '\0')
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
- else if (strcmp(proto_str, "0")) {
- sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
-
- /* Print warning message */
- printf ("Password Server supports only UDP protocol, hence setting that\n");
- }
-
- if (port_str[0] == '\0')
- sprintf (port_str, "%d", PORT_DEFAULT_PWD);
- }
-
- /* Finally form back the string */
- free (host_list[j]);
- host_list[j] = (char*) malloc(sizeof(char) *
- (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1));
- if (host_list[j] == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1,
- "%s#%s#%s", host_str, proto_str, port_str);
+ /* Look for one hash */
+ if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) {
+ unsigned int hostname_len = pchr - host_list[j];
+
+ /* Check input for buffer overflow */
+ if (hostname_len >= MAX_LEN_LIST_ENTRY) {
+ retval = EINVAL;
+ goto cleanup;
+ }
+
+ /* First copy off the host name portion */
+ strncpy (host_str, host_list[j], hostname_len);
+
+ /* Parse for the protocol string and translate to number */
+ strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);
+ if (!strcmp(proto_str, "udp"))
+ sprintf (proto_str, "%d", PROTOCOL_NUM_UDP);
+ else if (!strcmp(proto_str, "tcp"))
+ sprintf (proto_str, "%d", PROTOCOL_NUM_TCP);
+ else
+ proto_str[0] = '\0'; /* Make the string null if invalid */
+
+ /* Look for one more hash */
+ if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) {
+ /* Parse for the port string and check if it is numeric */
+ strncpy (port_str, pchr + 1, PORT_STR_LEN);
+ if (!strtol(port_str, NULL, 10)) /* Not a valid number */
+ port_str[0] = '\0';
+ } else
+ port_str[0] = '\0';
+ } else { /* We have only host name */
+ strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1);
+ proto_str[0] = '\0';
+ port_str[0] = '\0';
+ }
+
+ /* Now, based on service type, fill in suitable protocol
+ and port values if they are absent or not matching */
+ if (servicetype == LDAP_KDC_SERVICE) {
+ if (proto_str[0] == '\0')
+ sprintf (proto_str, "%d", PROTOCOL_DEFAULT_KDC);
+
+ if (port_str[0] == '\0')
+ sprintf (port_str, "%d", PORT_DEFAULT_KDC);
+ } else if (servicetype == LDAP_ADMIN_SERVICE) {
+ if (proto_str[0] == '\0')
+ sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
+ else if (strcmp(proto_str, "1")) {
+ sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
+
+ /* Print warning message */
+ printf ("Admin Server supports only TCP protocol, hence setting that\n");
+ }
+
+ if (port_str[0] == '\0')
+ sprintf (port_str, "%d", PORT_DEFAULT_ADM);
+ } else if (servicetype == LDAP_PASSWD_SERVICE) {
+ if (proto_str[0] == '\0')
+ sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
+ else if (strcmp(proto_str, "0")) {
+ sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
+
+ /* Print warning message */
+ printf ("Password Server supports only UDP protocol, hence setting that\n");
+ }
+
+ if (port_str[0] == '\0')
+ sprintf (port_str, "%d", PORT_DEFAULT_PWD);
+ }
+
+ /* Finally form back the string */
+ free (host_list[j]);
+ host_list[j] = (char*) malloc(sizeof(char) *
+ (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1));
+ if (host_list[j] == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1,
+ "%s#%s#%s", host_str, proto_str, port_str);
}
cleanup:
* Given a realm name, this function will convert it to a DN by appending the
* Kerberos container location.
*/
-static krb5_error_code
+static krb5_error_code
convert_realm_name2dn_list(list, krbcontainer_loc)
char **list;
const char *krbcontainer_loc;
int i = 0;
if (list == NULL) {
- return EINVAL;
+ return EINVAL;
}
for (i = 0; (list[i] != NULL) && (i < MAX_LIST_ENTRIES); i++) {
- /* Restrict copying to max. length to avoid buffer overflow */
- snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc);
+ /* Restrict copying to max. length to avoid buffer overflow */
+ snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc);
- /* Make copy of string to temporary node */
- temp_node = strdup(temp_str);
- if (list[i] == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
+ /* Make copy of string to temporary node */
+ temp_node = strdup(temp_str);
+ if (list[i] == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
- /* On success, free list node and attach new one */
- free (list[i]);
- list[i] = temp_node;
- temp_node = NULL;
+ /* On success, free list node and attach new one */
+ free (list[i]);
+ list[i] = temp_node;
+ temp_node = NULL;
}
cleanup:
/*
- * This function will create a service object on the LDAP Server, with the
+ * This function will create a service object on the LDAP Server, with the
* specified attributes.
*/
void kdb5_ldap_create_service(argc, argv)
- int argc;
- char *argv[];
+ int argc;
+ char *argv[];
{
char *me = argv[0];
krb5_error_code retval = 0;
- krb5_ldap_service_params *srvparams = NULL;
+ krb5_ldap_service_params *srvparams = NULL;
krb5_boolean print_usage = FALSE;
krb5_boolean no_msg = FALSE;
int mask = 0;
/* Check for number of arguments */
if ((argc < 3) || (argc > 10)) {
- exit_status++;
+ exit_status++;
goto err_usage;
}
/* Allocate memory for service parameters structure */
srvparams = (krb5_ldap_service_params*) calloc(1, sizeof(krb5_ldap_service_params));
if (srvparams == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
dal_handle = (kdb5_dal_handle *) util_context->db_context;
of arguments */
extra_argv = (char **) calloc((unsigned int)argc, sizeof(char*));
if (extra_argv == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
/* Set first of the extra arguments as the program name */
extra_argv[0] = me;
extra_argc++;
- /* Read Kerberos container info, to construct realm DN from name
+ /* Read Kerberos container info, to construct realm DN from name
* and for assigning rights
*/
- if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer)))) {
- com_err(me, retval, "while reading Kerberos container information");
- goto cleanup;
+ if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+ &(ldap_context->krbcontainer)))) {
+ com_err(me, retval, "while reading Kerberos container information");
+ goto cleanup;
}
/* Parse all arguments */
for (i = 1; i < argc; i++) {
- if (!strcmp(argv[i], "-kdc")) {
- srvparams->servicetype = LDAP_KDC_SERVICE;
- }
- else if (!strcmp(argv[i], "-admin")) {
- srvparams->servicetype = LDAP_ADMIN_SERVICE;
- }
- else if (!strcmp(argv[i], "-pwd")) {
- srvparams->servicetype = LDAP_PASSWD_SERVICE;
- }
- else if (!strcmp(argv[i], "-servicehost")) {
- if (++i > argc - 1)
- goto err_usage;
-
- srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
- sizeof(char *));
- if (srvparams->krbhostservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- srvparams->krbhostservers))) {
- goto cleanup;
- }
-
- if ((retval = process_host_list (srvparams->krbhostservers,
- srvparams->servicetype))) {
- goto cleanup;
- }
-
- mask |= LDAP_SERVICE_HOSTSERVER;
- }
- else if (!strcmp(argv[i], "-realm")) {
- if (++i > argc - 1)
- goto err_usage;
-
- srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
- sizeof(char *));
- if (srvparams->krbrealmreferences == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- srvparams->krbrealmreferences))) {
- goto cleanup;
- }
-
- /* Convert realm names to realm DNs */
- if ((retval = convert_realm_name2dn_list(
- srvparams->krbrealmreferences,
- ldap_context->krbcontainer->DN))) {
- goto cleanup;
- }
-
- mask |= LDAP_SERVICE_REALMREFERENCE;
- }
- /* If argument is none of the above and beginning with '-',
- * it must be related to password -- collect it
- * to pass onto kdb5_ldap_set_service_password()
- */
- else if (*(argv[i]) == '-') {
- /* Checking for options of setting the password for the
- * service (by using 'setsrvpw') is not modular. --need to
- * have a common function that can be shared with 'setsrvpw'
- */
- if (!strcmp(argv[i], "-randpw")) {
- extra_argv[extra_argc] = argv[i];
- extra_argc++;
- }
- else if (!strcmp(argv[i], "-fileonly")) {
- extra_argv[extra_argc] = argv[i];
- extra_argc++;
- }
- /* For '-f' option alone, pick up the following argument too */
- else if (!strcmp(argv[i], "-f")) {
- extra_argv[extra_argc] = argv[i];
- extra_argc++;
-
- if (++i > argc - 1)
- goto err_usage;
-
- extra_argv[extra_argc] = argv[i];
- extra_argc++;
- }
- else { /* Any other option is invalid */
- exit_status++;
- goto err_usage;
- }
- }
- else { /* Any other argument must be service DN */
- /* First check if service DN is already provided --
- * if so, there's a usage error
- */
- if (srvparams->servicedn != NULL) {
- com_err(me, EINVAL, "while creating service object");
- goto err_usage;
- }
-
- /* If not present already, fill up service DN */
- srvparams->servicedn = strdup(argv[i]);
- if (srvparams->servicedn == NULL) {
- com_err(me, ENOMEM, "while creating service object");
- goto err_nomsg;
- }
- }
+ if (!strcmp(argv[i], "-kdc")) {
+ srvparams->servicetype = LDAP_KDC_SERVICE;
+ } else if (!strcmp(argv[i], "-admin")) {
+ srvparams->servicetype = LDAP_ADMIN_SERVICE;
+ } else if (!strcmp(argv[i], "-pwd")) {
+ srvparams->servicetype = LDAP_PASSWD_SERVICE;
+ } else if (!strcmp(argv[i], "-servicehost")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
+ sizeof(char *));
+ if (srvparams->krbhostservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ srvparams->krbhostservers))) {
+ goto cleanup;
+ }
+
+ if ((retval = process_host_list (srvparams->krbhostservers,
+ srvparams->servicetype))) {
+ goto cleanup;
+ }
+
+ mask |= LDAP_SERVICE_HOSTSERVER;
+ } else if (!strcmp(argv[i], "-realm")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
+ sizeof(char *));
+ if (srvparams->krbrealmreferences == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ srvparams->krbrealmreferences))) {
+ goto cleanup;
+ }
+
+ /* Convert realm names to realm DNs */
+ if ((retval = convert_realm_name2dn_list(
+ srvparams->krbrealmreferences,
+ ldap_context->krbcontainer->DN))) {
+ goto cleanup;
+ }
+
+ mask |= LDAP_SERVICE_REALMREFERENCE;
+ }
+ /* If argument is none of the above and beginning with '-',
+ * it must be related to password -- collect it
+ * to pass onto kdb5_ldap_set_service_password()
+ */
+ else if (*(argv[i]) == '-') {
+ /* Checking for options of setting the password for the
+ * service (by using 'setsrvpw') is not modular. --need to
+ * have a common function that can be shared with 'setsrvpw'
+ */
+ if (!strcmp(argv[i], "-randpw")) {
+ extra_argv[extra_argc] = argv[i];
+ extra_argc++;
+ } else if (!strcmp(argv[i], "-fileonly")) {
+ extra_argv[extra_argc] = argv[i];
+ extra_argc++;
+ }
+ /* For '-f' option alone, pick up the following argument too */
+ else if (!strcmp(argv[i], "-f")) {
+ extra_argv[extra_argc] = argv[i];
+ extra_argc++;
+
+ if (++i > argc - 1)
+ goto err_usage;
+
+ extra_argv[extra_argc] = argv[i];
+ extra_argc++;
+ } else { /* Any other option is invalid */
+ exit_status++;
+ goto err_usage;
+ }
+ } else { /* Any other argument must be service DN */
+ /* First check if service DN is already provided --
+ * if so, there's a usage error
+ */
+ if (srvparams->servicedn != NULL) {
+ com_err(me, EINVAL, "while creating service object");
+ goto err_usage;
+ }
+
+ /* If not present already, fill up service DN */
+ srvparams->servicedn = strdup(argv[i]);
+ if (srvparams->servicedn == NULL) {
+ com_err(me, ENOMEM, "while creating service object");
+ goto err_nomsg;
+ }
+ }
}
/* No point in proceeding further if service DN value is not available */
if (srvparams->servicedn == NULL) {
com_err(me, EINVAL, "while creating service object");
- goto err_usage;
+ goto err_usage;
}
if (srvparams->servicetype == 0) { /* Not provided and hence not set */
com_err(me, EINVAL, "while creating service object");
- goto err_usage;
+ goto err_usage;
}
/* Create object with all attributes provided */
if ((retval = krb5_ldap_create_service(util_context, srvparams, mask)))
- goto cleanup;
+ goto cleanup;
service_obj_created = TRUE;
- /* ** NOTE ** srvparams structure should not be modified, as it is
+ /* ** NOTE ** srvparams structure should not be modified, as it is
* used for deletion of the service object in case of any failures
* from now on.
*/
/* Set password too */
if (extra_argc >= 1) {
- /* Set service DN as the last argument */
- extra_argv[extra_argc] = strdup(srvparams->servicedn);
- extra_argc++;
-
- if( (retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0 )
- {
- goto err_nomsg;
+ /* Set service DN as the last argument */
+ extra_argv[extra_argc] = strdup(srvparams->servicedn);
+ extra_argc++;
+
+ if ((retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0) {
+ goto err_nomsg;
}
}
/* Rights assignment */
- if( mask & LDAP_SERVICE_REALMREFERENCE ) {
+ if (mask & LDAP_SERVICE_REALMREFERENCE) {
printf("%s","Changing rights for the service object. Please wait ... ");
fflush(stdout);
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
- if( (srvparams != NULL) && (srvparams->krbrealmreferences != NULL) ) {
- for ( i=0; (srvparams->krbrealmreferences[i] != NULL); i++) {
-
+ if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
+ for (i=0; (srvparams->krbrealmreferences[i] != NULL); i++) {
+
/* Get the realm name, not the dn */
temprdns = ldap_explode_dn(srvparams->krbrealmreferences[i], 1);
-
- if( temprdns[0] == NULL ) {
+
+ if (temprdns[0] == NULL) {
retval = EINVAL;
goto cleanup;
}
-
+
realmName = strdup(temprdns[0]);
- if( realmName == NULL ) {
+ if (realmName == NULL) {
retval = ENOMEM;
goto cleanup;
}
- if((retval = krb5_ldap_read_realm_params(util_context,
- realmName, &rparams, &rmask))) {
+ if ((retval = krb5_ldap_read_realm_params(util_context,
+ realmName, &rparams, &rmask))) {
com_err(me, retval, "while reading information of realm '%s'",
- realmName);
+ realmName);
goto cleanup;
}
-
- if((retval = krb5_ldap_add_service_rights(util_context,
- srvparams->servicetype, srvparams->servicedn,
- realmName, rparams->subtree, rightsmask))) {
+
+ if ((retval = krb5_ldap_add_service_rights(util_context,
+ srvparams->servicetype, srvparams->servicedn,
+ realmName, rparams->subtree, rightsmask))) {
printf("failed\n");
com_err(me, retval, "while assigning rights '%s'",
- srvparams->servicedn);
+ srvparams->servicedn);
goto cleanup;
}
-
- if( rparams )
+
+ if (rparams)
krb5_ldap_free_realm_params(rparams);
}
}
cleanup:
- if ((retval != 0) && (service_obj_created == TRUE))
- {
- /* This is for deleting the service object if something goes
- * wrong in creating the service object
- */
+ if ((retval != 0) && (service_obj_created == TRUE)) {
+ /* This is for deleting the service object if something goes
+ * wrong in creating the service object
+ */
- /* srvparams is populated from the user input and should be correct as
- * we were successful in creating a service object. Reusing the same
- */
- krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn);
+ /* srvparams is populated from the user input and should be correct as
+ * we were successful in creating a service object. Reusing the same
+ */
+ krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn);
}
-
+
/* Clean-up structure */
krb5_ldap_free_service (util_context, srvparams);
if (extra_argv) {
- free (extra_argv);
- extra_argv = NULL;
+ free (extra_argv);
+ extra_argv = NULL;
}
- if ( realmName ) {
+ if (realmName) {
free(realmName);
realmName = NULL;
}
if (print_usage)
- db_usage (CREATE_SERVICE);
+ db_usage (CREATE_SERVICE);
if (retval) {
- if (!no_msg)
- com_err(me, retval, "while creating service object");
+ if (!no_msg)
+ com_err(me, retval, "while creating service object");
- exit_status++;
+ exit_status++;
}
return;
* object on the LDAP Server
*/
void kdb5_ldap_modify_service(argc, argv)
- int argc;
- char *argv[];
+ int argc;
+ char *argv[];
{
char *me = argv[0];
krb5_error_code retval = 0;
/* Check for number of arguments */
if ((argc < 3) || (argc > 10)) {
- exit_status++;
- goto err_usage;
+ exit_status++;
+ goto err_usage;
}
dal_handle = (kdb5_dal_handle *) util_context->db_context;
/* Parse all arguments, only to pick up service DN (Pass 1) */
for (i = 1; i < argc; i++) {
- /* Skip arguments next to 'servicehost'
- and 'realmdn' arguments */
- if (!strcmp(argv[i], "-servicehost")) {
- ++i;
- }
- else if (!strcmp(argv[i], "-clearservicehost")) {
- ++i;
- }
- else if (!strcmp(argv[i], "-addservicehost")) {
- ++i;
- }
- else if (!strcmp(argv[i], "-realm")) {
- ++i;
- }
- else if (!strcmp(argv[i], "-clearrealm")) {
- ++i;
- }
- else if (!strcmp(argv[i], "-addrealm")) {
- ++i;
- }
- else { /* Any other argument must be service DN */
- /* First check if service DN is already provided --
- if so, there's a usage error */
- if (servicedn != NULL) {
- com_err(me, EINVAL, "while modifying service object");
- goto err_usage;
- }
-
- /* If not present already, fill up service DN */
- servicedn = strdup(argv[i]);
- if (servicedn == NULL) {
- com_err(me, ENOMEM, "while modifying service object");
- goto err_nomsg;
- }
+ /* Skip arguments next to 'servicehost'
+ and 'realmdn' arguments */
+ if (!strcmp(argv[i], "-servicehost")) {
+ ++i;
+ } else if (!strcmp(argv[i], "-clearservicehost")) {
+ ++i;
+ } else if (!strcmp(argv[i], "-addservicehost")) {
+ ++i;
+ } else if (!strcmp(argv[i], "-realm")) {
+ ++i;
+ } else if (!strcmp(argv[i], "-clearrealm")) {
+ ++i;
+ } else if (!strcmp(argv[i], "-addrealm")) {
+ ++i;
+ } else { /* Any other argument must be service DN */
+ /* First check if service DN is already provided --
+ if so, there's a usage error */
+ if (servicedn != NULL) {
+ com_err(me, EINVAL, "while modifying service object");
+ goto err_usage;
+ }
+
+ /* If not present already, fill up service DN */
+ servicedn = strdup(argv[i]);
+ if (servicedn == NULL) {
+ com_err(me, ENOMEM, "while modifying service object");
+ goto err_nomsg;
+ }
}
}
/* No point in proceeding further if service DN value is not available */
if (servicedn == NULL) {
com_err(me, EINVAL, "while modifying service object");
- goto err_usage;
+ goto err_usage;
}
retval = krb5_ldap_read_service(util_context, servicedn, &srvparams, &in_mask);
if (retval) {
- com_err(argv[0], retval, "while reading information of service '%s'",
+ com_err(argv[0], retval, "while reading information of service '%s'",
servicedn);
- goto err_nomsg;
+ goto err_nomsg;
}
/* Read Kerberos container info, to construct realm DN from name
* and for assigning rights
*/
if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer)))) {
- com_err(me, retval, "while reading Kerberos container information");
- goto cleanup;
+ &(ldap_context->krbcontainer)))) {
+ com_err(me, retval, "while reading Kerberos container information");
+ goto cleanup;
}
/* Parse all arguments, but skip the service DN (Pass 2) */
for (i = 1; i < argc; i++) {
- if (!strcmp(argv[i], "-servicehost")) {
- if (++i > argc - 1)
- goto err_usage;
-
- /* Free the old list if available */
- if (srvparams->krbhostservers) {
- krb5_free_list_entries (srvparams->krbhostservers);
- free (srvparams->krbhostservers);
- }
-
- srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
- sizeof(char *));
- if (srvparams->krbhostservers == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- srvparams->krbhostservers))) {
- goto cleanup;
- }
-
- if ((retval = process_host_list (srvparams->krbhostservers,
- srvparams->servicetype))) {
- goto cleanup;
- }
-
- out_mask |= LDAP_SERVICE_HOSTSERVER;
-
- /* Set flag to ignore 'add' and 'clear' */
- srvhost_flag = 1;
- }
- else if (!strcmp(argv[i], "-clearservicehost")) {
- if (++i > argc - 1)
- goto err_usage;
-
- if (!srvhost_flag) {
- /* If attribute doesn't exist, don't permit 'clear' option */
- if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) {
- /* Send out some proper error message here */
+ if (!strcmp(argv[i], "-servicehost")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ /* Free the old list if available */
+ if (srvparams->krbhostservers) {
+ krb5_free_list_entries (srvparams->krbhostservers);
+ free (srvparams->krbhostservers);
+ }
+
+ srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
+ sizeof(char *));
+ if (srvparams->krbhostservers == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ srvparams->krbhostservers))) {
+ goto cleanup;
+ }
+
+ if ((retval = process_host_list (srvparams->krbhostservers,
+ srvparams->servicetype))) {
+ goto cleanup;
+ }
+
+ out_mask |= LDAP_SERVICE_HOSTSERVER;
+
+ /* Set flag to ignore 'add' and 'clear' */
+ srvhost_flag = 1;
+ } else if (!strcmp(argv[i], "-clearservicehost")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ if (!srvhost_flag) {
+ /* If attribute doesn't exist, don't permit 'clear' option */
+ if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) {
+ /* Send out some proper error message here */
com_err(me, EINVAL, "service host list is empty\n");
- goto err_nomsg;
- }
-
- /* Allocate list for processing */
- list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (list == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
- goto cleanup;
-
- if ((retval = process_host_list (list, srvparams->servicetype))) {
- goto cleanup;
- }
-
- list_modify_str_array(&(srvparams->krbhostservers),
- (const char**)list, LIST_MODE_DELETE);
-
- out_mask |= LDAP_SERVICE_HOSTSERVER;
-
- /* Clean up */
- free (list);
- list = NULL;
- }
- }
- else if (!strcmp(argv[i], "-addservicehost")) {
- if (++i > argc - 1)
- goto err_usage;
-
- if (!srvhost_flag) {
- /* Allocate list for processing */
- list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (list == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
- goto cleanup;
-
- if ((retval = process_host_list (list, srvparams->servicetype))) {
- goto cleanup;
- }
-
- /* Call list_modify_str_array() only if host server attribute
- * exists already --Actually, it's better to handle this
+ goto err_nomsg;
+ }
+
+ /* Allocate list for processing */
+ list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (list == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+ goto cleanup;
+
+ if ((retval = process_host_list (list, srvparams->servicetype))) {
+ goto cleanup;
+ }
+
+ list_modify_str_array(&(srvparams->krbhostservers),
+ (const char**)list, LIST_MODE_DELETE);
+
+ out_mask |= LDAP_SERVICE_HOSTSERVER;
+
+ /* Clean up */
+ free (list);
+ list = NULL;
+ }
+ } else if (!strcmp(argv[i], "-addservicehost")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ if (!srvhost_flag) {
+ /* Allocate list for processing */
+ list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (list == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+ goto cleanup;
+
+ if ((retval = process_host_list (list, srvparams->servicetype))) {
+ goto cleanup;
+ }
+
+ /* Call list_modify_str_array() only if host server attribute
+ * exists already --Actually, it's better to handle this
* within list_modify_str_array()
*/
- if (in_mask & LDAP_SERVICE_HOSTSERVER) {
- /* Re-size existing list */
- existing_entries = list_count_str_array(srvparams->krbhostservers);
- new_entries = list_count_str_array(list);
- temp_ptr = (char **) realloc(srvparams->krbhostservers,
- sizeof(char *) * (existing_entries + new_entries + 1));
- if (temp_ptr == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- srvparams->krbhostservers = temp_ptr;
-
- list_modify_str_array(&(srvparams->krbhostservers),
- (const char**)list, LIST_MODE_ADD);
-
- /* Clean up */
- free (list);
- list = NULL;
- }
- else
- srvparams->krbhostservers = list;
-
- out_mask |= LDAP_SERVICE_HOSTSERVER;
- }
- }
- else if (!strcmp(argv[i], "-realm")) {
- if (++i > argc - 1)
- goto err_usage;
-
- if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) {
- if (!oldrealmrefs) {
- /* Store the old realm list for removing rights */
- oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (oldrealmrefs == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
+ if (in_mask & LDAP_SERVICE_HOSTSERVER) {
+ /* Re-size existing list */
+ existing_entries = list_count_str_array(srvparams->krbhostservers);
+ new_entries = list_count_str_array(list);
+ temp_ptr = (char **) realloc(srvparams->krbhostservers,
+ sizeof(char *) * (existing_entries + new_entries + 1));
+ if (temp_ptr == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ srvparams->krbhostservers = temp_ptr;
+
+ list_modify_str_array(&(srvparams->krbhostservers),
+ (const char**)list, LIST_MODE_ADD);
+
+ /* Clean up */
+ free (list);
+ list = NULL;
+ } else
+ srvparams->krbhostservers = list;
+
+ out_mask |= LDAP_SERVICE_HOSTSERVER;
+ }
+ } else if (!strcmp(argv[i], "-realm")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) {
+ if (!oldrealmrefs) {
+ /* Store the old realm list for removing rights */
+ oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (oldrealmrefs == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
- oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
- if (oldrealmrefs[j] == NULL) {
+ oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+ if (oldrealmrefs[j] == NULL) {
retval = ENOMEM;
goto cleanup;
- }
+ }
}
oldrealmrefs[j] = NULL;
- }
-
- /* Free the old list if available */
- krb5_free_list_entries (srvparams->krbrealmreferences);
- free (srvparams->krbrealmreferences);
- }
-
- srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
- sizeof(char *));
- if (srvparams->krbrealmreferences == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
- srvparams->krbrealmreferences))) {
- goto cleanup;
- }
-
- /* Convert realm names to realm DNs */
- if ((retval = convert_realm_name2dn_list(
- srvparams->krbrealmreferences,
- ldap_context->krbcontainer->DN))) {
- goto cleanup;
- }
-
- out_mask |= LDAP_SERVICE_REALMREFERENCE;
-
- /* Set flag to ignore 'add' and 'clear' */
- realmdn_flag = 1;
- }
- else if (!strcmp(argv[i], "-clearrealm")) {
- if (++i > argc - 1)
- goto err_usage;
-
- if (!realmdn_flag) {
- /* If attribute doesn't exist, don't permit 'clear' option */
- if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) {
- /* Send out some proper error message here */
- goto err_nomsg;
- }
-
- if (!oldrealmrefs) {
+ }
+
+ /* Free the old list if available */
+ krb5_free_list_entries (srvparams->krbrealmreferences);
+ free (srvparams->krbrealmreferences);
+ }
+
+ srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
+ sizeof(char *));
+ if (srvparams->krbrealmreferences == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+ srvparams->krbrealmreferences))) {
+ goto cleanup;
+ }
+
+ /* Convert realm names to realm DNs */
+ if ((retval = convert_realm_name2dn_list(
+ srvparams->krbrealmreferences,
+ ldap_context->krbcontainer->DN))) {
+ goto cleanup;
+ }
+
+ out_mask |= LDAP_SERVICE_REALMREFERENCE;
+
+ /* Set flag to ignore 'add' and 'clear' */
+ realmdn_flag = 1;
+ } else if (!strcmp(argv[i], "-clearrealm")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ if (!realmdn_flag) {
+ /* If attribute doesn't exist, don't permit 'clear' option */
+ if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) {
+ /* Send out some proper error message here */
+ goto err_nomsg;
+ }
+
+ if (!oldrealmrefs) {
/* Store the old realm list for removing rights */
- oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (oldrealmrefs == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
+ oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (oldrealmrefs == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
- oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
- if (oldrealmrefs[j] == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
+ oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+ if (oldrealmrefs[j] == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
}
oldrealmrefs[j] = NULL;
- }
-
- /* Allocate list for processing */
- list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (list == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
- goto cleanup;
-
- /* Convert realm names to realm DNs */
- if ((retval = convert_realm_name2dn_list(list,
- ldap_context->krbcontainer->DN))) {
- goto cleanup;
- }
-
- list_modify_str_array(&(srvparams->krbrealmreferences),
- (const char**)list, LIST_MODE_DELETE);
-
- out_mask |= LDAP_SERVICE_REALMREFERENCE;
-
- /* Clean up */
- free (list);
- list = NULL;
- }
- }
- else if (!strcmp(argv[i], "-addrealm")) {
- if (++i > argc - 1)
- goto err_usage;
-
- if (!realmdn_flag) {
- /* Allocate list for processing */
- list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (list == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
- goto cleanup;
-
- /* Convert realm names to realm DNs */
- if ((retval = convert_realm_name2dn_list(list,
- ldap_context->krbcontainer->DN))) {
- goto cleanup;
- }
-
- if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) {
+ }
+
+ /* Allocate list for processing */
+ list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (list == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+ goto cleanup;
+
+ /* Convert realm names to realm DNs */
+ if ((retval = convert_realm_name2dn_list(list,
+ ldap_context->krbcontainer->DN))) {
+ goto cleanup;
+ }
+
+ list_modify_str_array(&(srvparams->krbrealmreferences),
+ (const char**)list, LIST_MODE_DELETE);
+
+ out_mask |= LDAP_SERVICE_REALMREFERENCE;
+
+ /* Clean up */
+ free (list);
+ list = NULL;
+ }
+ } else if (!strcmp(argv[i], "-addrealm")) {
+ if (++i > argc - 1)
+ goto err_usage;
+
+ if (!realmdn_flag) {
+ /* Allocate list for processing */
+ list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (list == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+
+ if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+ goto cleanup;
+
+ /* Convert realm names to realm DNs */
+ if ((retval = convert_realm_name2dn_list(list,
+ ldap_context->krbcontainer->DN))) {
+ goto cleanup;
+ }
+
+ if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) {
/* Store the old realm list for removing rights */
- oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
- if (oldrealmrefs == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
+ oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+ if (oldrealmrefs == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
- oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
- if (oldrealmrefs[j] == NULL) {
+ oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+ if (oldrealmrefs[j] == NULL) {
retval = ENOMEM;
goto cleanup;
- }
+ }
}
oldrealmrefs[j] = NULL;
- }
+ }
- /* Call list_modify_str_array() only if realm DN attribute
- * exists already -- Actually, it's better to handle this
+ /* Call list_modify_str_array() only if realm DN attribute
+ * exists already -- Actually, it's better to handle this
* within list_modify_str_array() */
- if (in_mask & LDAP_SERVICE_REALMREFERENCE) {
- /* Re-size existing list */
- existing_entries = list_count_str_array(
- srvparams->krbrealmreferences);
- new_entries = list_count_str_array(list);
- temp_ptr = (char **) realloc(srvparams->krbrealmreferences,
- sizeof(char *) * (existing_entries + new_entries + 1));
- if (temp_ptr == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- srvparams->krbrealmreferences = temp_ptr;
-
- list_modify_str_array(&(srvparams->krbrealmreferences),
- (const char**)list, LIST_MODE_ADD);
-
- /* Clean up */
- free (list);
- list = NULL;
- }
- else
- srvparams->krbrealmreferences = list;
-
- out_mask |= LDAP_SERVICE_REALMREFERENCE;
- }
- }
- else {
- /* Any other argument must be service DN
- -- skip it */
- }
+ if (in_mask & LDAP_SERVICE_REALMREFERENCE) {
+ /* Re-size existing list */
+ existing_entries = list_count_str_array(
+ srvparams->krbrealmreferences);
+ new_entries = list_count_str_array(list);
+ temp_ptr = (char **) realloc(srvparams->krbrealmreferences,
+ sizeof(char *) * (existing_entries + new_entries + 1));
+ if (temp_ptr == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ srvparams->krbrealmreferences = temp_ptr;
+
+ list_modify_str_array(&(srvparams->krbrealmreferences),
+ (const char**)list, LIST_MODE_ADD);
+
+ /* Clean up */
+ free (list);
+ list = NULL;
+ } else
+ srvparams->krbrealmreferences = list;
+
+ out_mask |= LDAP_SERVICE_REALMREFERENCE;
+ }
+ } else {
+ /* Any other argument must be service DN
+ -- skip it */
+ }
}
/* Modify attributes of object */
if ((retval = krb5_ldap_modify_service(util_context, srvparams, out_mask)))
- goto cleanup;
+ goto cleanup;
/* Service rights modification code */
if (out_mask & LDAP_SERVICE_REALMREFERENCE) {
printf("%s","Changing rights for the service object. Please wait ... ");
fflush(stdout);
-
+
newrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
if (newrealmrefs == NULL) {
retval = ENOMEM;
goto cleanup;
}
-
+
if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
newrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
newrealmrefs[j] = NULL;
}
disjoint_members(oldrealmrefs, newrealmrefs);
-
- /* Delete the rights for the given service, on each of the realm
- * container & subtree in the old realm reference list.
+
+ /* Delete the rights for the given service, on each of the realm
+ * container & subtree in the old realm reference list.
*/
if (oldrealmrefs) {
rightsmask = 0;
for (i = 0; (oldrealmrefs[i] != NULL); i++) {
/* Get the realm name, not the dn */
temprdns = ldap_explode_dn(oldrealmrefs[i], 1);
-
+
if (temprdns[0] == NULL) {
retval = EINVAL;
goto cleanup;
}
-
+
realmName = strdup(temprdns[0]);
if (realmName == NULL) {
retval = ENOMEM;
goto cleanup;
}
- if ((retval = krb5_ldap_read_realm_params(util_context,
- realmName, &rparams, &rmask))) {
+ if ((retval = krb5_ldap_read_realm_params(util_context,
+ realmName, &rparams, &rmask))) {
com_err(me, retval, "while reading information of realm '%s'",
- realmName);
+ realmName);
goto err_nomsg;
}
-
+
if ((retval = krb5_ldap_delete_service_rights(util_context,
- srvparams->servicetype, srvparams->servicedn,
- realmName, rparams->subtree, rightsmask))) {
+ srvparams->servicetype, srvparams->servicedn,
+ realmName, rparams->subtree, rightsmask))) {
printf("failed\n");
com_err(me, retval, "while assigning rights '%s'",
- srvparams->servicedn);
+ srvparams->servicedn);
goto err_nomsg;
}
-
+
if (rparams)
krb5_ldap_free_realm_params(rparams);
}
}
-
- /* Add the rights for the given service, on each of the realm
+
+ /* Add the rights for the given service, on each of the realm
* container & subtree in the new realm reference list.
*/
if (newrealmrefs) {
rightsmask = 0;
rightsmask |= LDAP_REALM_RIGHTS;
rightsmask |= LDAP_SUBTREE_RIGHTS;
-
+
for (i = 0; (newrealmrefs[i] != NULL); i++) {
/* Get the realm name, not the dn */
temprdns = ldap_explode_dn(newrealmrefs[i], 1);
-
+
if (temprdns[0] == NULL) {
retval = EINVAL;
goto cleanup;
}
-
+
realmName = strdup(temprdns[0]);
if (realmName == NULL) {
retval = ENOMEM;
goto cleanup;
}
-
- if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
- &(ldap_context->krbcontainer)))) {
- com_err(me, retval,
- "while reading Kerberos container information");
+
+ if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+ &(ldap_context->krbcontainer)))) {
+ com_err(me, retval,
+ "while reading Kerberos container information");
goto cleanup;
}
- if ((retval = krb5_ldap_read_realm_params(util_context,
- realmName, &rparams, &rmask))) {
+ if ((retval = krb5_ldap_read_realm_params(util_context,
+ realmName, &rparams, &rmask))) {
com_err(me, retval, "while reading information of realm '%s'",
- realmName);
+ realmName);
goto err_nomsg;
}
-
- if ((retval = krb5_ldap_add_service_rights(util_context,
- srvparams->servicetype, srvparams->servicedn,
- realmName, rparams->subtree, rightsmask))) {
+
+ if ((retval = krb5_ldap_add_service_rights(util_context,
+ srvparams->servicetype, srvparams->servicedn,
+ realmName, rparams->subtree, rightsmask))) {
printf("failed\n");
- com_err(me, retval, "while assigning rights '%s'",
- srvparams->servicedn);
+ com_err(me, retval, "while assigning rights '%s'",
+ srvparams->servicedn);
goto err_nomsg;
}
-
+
if (rparams) {
krb5_ldap_free_realm_params(rparams);
- rparams = NULL;
- }
+ rparams = NULL;
+ }
}
printf("done\n");
}
krb5_ldap_free_service(util_context, srvparams);
if (servicedn)
- free(servicedn);
+ free(servicedn);
if (list) {
- free(list);
- list = NULL;
+ free(list);
+ list = NULL;
}
if (oldrealmrefs) {
free(newrealmrefs);
}
if (realmName) {
- free(realmName);
- realmName = NULL;
+ free(realmName);
+ realmName = NULL;
}
if (print_usage)
- db_usage(MODIFY_SERVICE);
+ db_usage(MODIFY_SERVICE);
if (retval) {
- if (!no_msg)
- com_err(me, retval, "while modifying service object");
- exit_status++;
+ if (!no_msg)
+ com_err(me, retval, "while modifying service object");
+ exit_status++;
}
return;
*/
static krb5_error_code
rem_service_entry_from_file(argc, argv, file_name, service_object)
-int argc;
-char *argv[];
-char *file_name;
-char *service_object;
+ int argc;
+ char *argv[];
+ char *file_name;
+ char *service_object;
{
int st = EINVAL;
char *me = argv[0];
/* Check for permissions on the password file */
if (access(file_name, W_OK) == -1) {
/* If the specified file itself is not there, no need to show error */
- if (errno == ENOENT) {
+ if (errno == ENOENT) {
st=0;
goto cleanup;
- }
- else {
+ } else {
com_err(me, errno, "while deleting entry from file %s", file_name);
goto cleanup;
}
}
-
- /* Create a temporary file which contains all the entries except the
+
+ /* Create a temporary file which contains all the entries except the
entry for the given service dn */
pfile = fopen(file_name, "r+");
if (pfile == NULL) {
goto cleanup;
}
snprintf (tmp_file, strlen(file_name) + 4 + 1, "%s%s", file_name, ".tmp");
-
+
tmpfd = creat(tmp_file, S_IRUSR|S_IWUSR);
umask(omask);
fclose(pfile);
goto cleanup;
}
-
+
/* Copy only those lines which donot have the specified service dn */
- while(fgets(line, MAX_LEN, pfile) != NULL) {
- if (( strstr(line, service_object) != NULL ) &&
- ( line[strlen(service_object)] == '#')) {
+ while (fgets(line, MAX_LEN, pfile) != NULL) {
+ if ((strstr(line, service_object) != NULL) &&
+ (line[strlen(service_object)] == '#')) {
continue;
- }
- else {
+ } else {
len = strlen(line);
if (write(tmpfd, line, len) != len) {
com_err(me, errno, "while deleting entry from file\n");
}
}
}
-
+
fclose(pfile);
if (unlink(file_name) == 0) {
link(tmp_file, file_name);
- }
- else {
+ } else {
com_err(me, errno, "while deleting entry from file\n");
}
unlink(tmp_file);
-
+
st=0;
- cleanup:
-
- if(tmp_file)
+cleanup:
+
+ if (tmp_file)
free(tmp_file);
return st;
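Review bot: The stash-file replacement via `unlink(file_name)` followed by `link(tmp_file, file_name)` is not atomic and the `link()` result is never checked, so a failure between the two calls leaves no password file at all and nothing is reported; a single `if (rename(tmp_file, file_name) != 0) com_err(me, errno, "while replacing %s", file_name);` keeps the old file in place until the new one is committed. The temporary name is predictable (`file_name` plus ".tmp") and `creat()` follows an existing symlink, which matters if the directory holding the stash is writable by other users; opening it with `O_CREAT|O_EXCL` would close that window. The match `strstr(line, service_object) != NULL && line[strlen(service_object)] == '#'` only makes sense for a prefix match, so `strncmp(line, service_object, strlen(service_object)) == 0 && line[strlen(service_object)] == '#'` is what is intended and avoids dropping an unrelated line that merely contains the DN. A short `write()` inside the copy loop is logged but the loop continues, so a partially written temp file can still replace the original. Some of this function's local declarations and the temp-file creation lines are not shown in the hunk.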
* This function will delete the service object from the LDAP Server
* and unlink the references to the Realm objects (if any)
*/
-void
+void
kdb5_ldap_destroy_service(argc, argv)
int argc;
char *argv[];
krb5_boolean print_usage = FALSE;
if ((argc < 2) || (argc > 5)) {
- exit_status++;
+ exit_status++;
goto err_usage;
}
- for( i=1; i < argc; i++) {
-
- if(strcmp(argv[i],"-force")==0) {
+ for (i=1; i < argc; i++) {
+
+ if (strcmp(argv[i],"-force")==0) {
force++;
- }
- else if(strcmp(argv[i],"-f")==0) {
- if(argv[i+1]) {
+ } else if (strcmp(argv[i],"-f")==0) {
+ if (argv[i+1]) {
stashfilename=strdup(argv[i+1]);
- if(stashfilename == NULL) {
+ if (stashfilename == NULL) {
com_err(argv[0], ENOMEM, "while destroying service");
exit_status++;
goto cleanup;
}
i++;
- }
- else {
+ } else {
exit_status++;
goto err_usage;
}
- }
- else {
- if((argv[i]) && ( servicedn == NULL) ){
+ } else {
+ if ((argv[i]) && (servicedn == NULL)) {
servicedn=strdup(argv[i]);
- if(servicedn == NULL) {
+ if (servicedn == NULL) {
com_err(argv[0], ENOMEM, "while destroying service");
exit_status++;
goto cleanup;
}
- }
- else {
+ } else {
exit_status++;
goto err_usage;
}
}
}
- if(!servicedn) {
+ if (!servicedn) {
exit_status++;
goto err_usage;
}
printf("This will delete the service object '%s', are you sure?\n", servicedn);
printf("(type 'yes' to confirm)? ");
if (fgets(buf, sizeof(buf), stdin) == NULL) {
- exit_status++;
+ exit_status++;
goto cleanup;;
}
if (strcmp(buf, yes)) {
- exit_status++;
+ exit_status++;
goto cleanup;
}
}
- if ((retval = krb5_ldap_read_service( util_context, servicedn,
- &lserparams, &mask))) {
- com_err(argv[0], retval, "while destroying service '%s'",servicedn );
- exit_status++;
+ if ((retval = krb5_ldap_read_service(util_context, servicedn,
+ &lserparams, &mask))) {
+ com_err(argv[0], retval, "while destroying service '%s'",servicedn);
+ exit_status++;
goto cleanup;
}
retval = krb5_ldap_delete_service(util_context, lserparams, servicedn);
if (retval) {
- com_err(argv[0], retval, "while destroying service '%s'", servicedn);
- exit_status++;
+ com_err(argv[0], retval, "while destroying service '%s'", servicedn);
+ exit_status++;
goto cleanup;
}
-
- if(stashfilename == NULL) {
+
+ if (stashfilename == NULL) {
stashfilename = strdup(DEF_SERVICE_PASSWD_FILE);
- if(stashfilename == NULL) {
+ if (stashfilename == NULL) {
com_err(argv[0], ENOMEM, "while destroying service");
exit_status++;
goto cleanup;
}
}
printf("** service object '%s' deleted.\n", servicedn);
- retval = rem_service_entry_from_file(argc, argv, stashfilename, servicedn );
-
- if(retval)
+ retval = rem_service_entry_from_file(argc, argv, stashfilename, servicedn);
+
+ if (retval)
printf("** error removing service object entry '%s' from password file.\n",
- servicedn);
-
+ servicedn);
+
goto cleanup;
-
-
- err_usage:
+
+
+err_usage:
print_usage = TRUE;
-
- cleanup:
- if(lserparams) {
+cleanup:
+
+ if (lserparams) {
krb5_ldap_free_service(util_context, lserparams);
}
- if(servicedn) {
+ if (servicedn) {
free(servicedn);
}
-
- if(stashfilename) {
+
+ if (stashfilename) {
free(stashfilename);
}
-
- if(print_usage) {
+
+ if (print_usage) {
db_usage(DESTROY_SERVICE);
}
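Review bot: When `rem_service_entry_from_file()` fails at the end of kdb5_ldap_destroy_service the code only prints a message and leaves `exit_status` untouched, so the command exits successfully while the deleted service's password is still sitting in the stash file; add `exit_status++;` inside that `if (retval)` branch (and brace it) so scripts can detect the failure. The message also omits which file is affected; passing `stashfilename` to that printf would let an operator remove the stale entry by hand. Minor: `goto cleanup;;` after the fgets() check carries a stray empty statement. The function's local declarations sit above the hunk.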
krb5_boolean print_usage = FALSE;
if (!(argc == 2)) {
- exit_status++;
+ exit_status++;
goto err_usage;
}
-
+
servicedn=strdup(argv[1]);
- if(servicedn == NULL) {
+ if (servicedn == NULL) {
com_err(argv[0], ENOMEM, "while viewing service");
exit_status++;
goto cleanup;
}
-
- if ((retval = krb5_ldap_read_service( util_context, servicedn, &lserparams, &mask))) {
- com_err(argv[0], retval, "while viewing service '%s'",servicedn );
- exit_status++;
- goto cleanup;
+
+ if ((retval = krb5_ldap_read_service(util_context, servicedn, &lserparams, &mask))) {
+ com_err(argv[0], retval, "while viewing service '%s'",servicedn);
+ exit_status++;
+ goto cleanup;
}
-
+
print_service_params(lserparams, mask);
goto cleanup;
- err_usage:
+err_usage:
print_usage = TRUE;
- cleanup:
+cleanup:
- if(lserparams) {
+ if (lserparams) {
krb5_ldap_free_service(util_context, lserparams);
}
- if(servicedn)
+ if (servicedn)
free(servicedn);
- if(print_usage) {
+ if (print_usage) {
db_usage(VIEW_SERVICE);
}
-
+
return;
}
/*
- * This function will list the DNs of kerberos services present on
+ * This function will list the DNs of kerberos services present on
* the LDAP Server under a specific sub-tree (entire tree by default)
*/
void kdb5_ldap_list_services(argc, argv)
/* Check for number of arguments */
if ((argc != 1) && (argc != 3)) {
- exit_status++;
+ exit_status++;
goto err_usage;
}
/* Parse base DN argument if present */
if (argc == 3) {
- if (strcmp(argv[1], "-basedn")) {
- retval = EINVAL;
- goto err_usage;
- }
+ if (strcmp(argv[1], "-basedn")) {
+ retval = EINVAL;
+ goto err_usage;
+ }
- basedn = strdup(argv[2]);
- if (basedn == NULL) {
- com_err(me, ENOMEM, "while listing services");
- exit_status++;
- goto cleanup;
- }
+ basedn = strdup(argv[2]);
+ if (basedn == NULL) {
+ com_err(me, ENOMEM, "while listing services");
+ exit_status++;
+ goto cleanup;
+ }
}
retval = krb5_ldap_list_services(util_context, basedn, &list);
- if((retval != 0) || (list == NULL)) {
- exit_status++;
- goto cleanup;
+ if ((retval != 0) || (list == NULL)) {
+ exit_status++;
+ goto cleanup;
}
-
- for(plist = list; *plist != NULL; plist++) {
- printf("%s\n", *plist);
+
+ for (plist = list; *plist != NULL; plist++) {
+ printf("%s\n", *plist);
}
goto cleanup;
cleanup:
if (list != NULL) {
- krb5_free_list_entries (list);
- free (list);
+ krb5_free_list_entries (list);
+ free (list);
}
if (basedn)
free (basedn);
if (print_usage) {
- db_usage(LIST_SERVICE);
+ db_usage(LIST_SERVICE);
}
if (retval) {
- com_err(me, retval, "while listing policy objects");
- exit_status++;
+ com_err(me, retval, "while listing policy objects");
+ exit_status++;
}
-
+
return;
}
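Review bot: The error path at the end of kdb5_ldap_list_services reports `"while listing policy objects"` although this function lists services (the same retval is produced both by a bad `-basedn` option at the top of the hunk and by a failed `krb5_ldap_list_services()` call), so the message misleads whoever reads it; change it to `com_err(me, retval, "while listing services");`. Separately, when `krb5_ldap_list_services()` returns 0 with `list == NULL`, `exit_status` is incremented but nothing is printed because `retval` is still 0; either print an explicit message there or treat an empty result as success so the outcome is unambiguous. The function's signature and local declarations are outside this hunk.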
printf("%20s%-20s\n","Service dn: ",lserparams->servicedn);
/* Print the service type of the object to be read */
- if( lserparams->servicetype == LDAP_KDC_SERVICE ) {
+ if (lserparams->servicetype == LDAP_KDC_SERVICE) {
printf("%20s%-20s\n","Service type: ","kdc");
- }
- else if( lserparams->servicetype == LDAP_ADMIN_SERVICE ) {
+ } else if (lserparams->servicetype == LDAP_ADMIN_SERVICE) {
printf("%20s%-20s\n","Service type: ","admin");
- }
- else if( lserparams->servicetype == LDAP_PASSWD_SERVICE ) {
+ } else if (lserparams->servicetype == LDAP_PASSWD_SERVICE) {
printf("%20s%-20s\n","Service type: ","pwd");
}
/* Print the host server values */
printf("%20s\n","Service host list: ");
- if ( mask & LDAP_SERVICE_HOSTSERVER ) {
- for ( i=0; lserparams->krbhostservers[i] != NULL; ++i ) {
+ if (mask & LDAP_SERVICE_HOSTSERVER) {
+ for (i=0; lserparams->krbhostservers[i] != NULL; ++i) {
printf("%20s%-50s\n","",lserparams->krbhostservers[i]);
}
}
/* Print the realm reference dn values */
printf("%20s\n","Realm DN list: ");
- if ( mask & LDAP_SERVICE_REALMREFERENCE ) {
- for ( i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i ) {
+ if (mask & LDAP_SERVICE_REALMREFERENCE) {
+ for (i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i) {
printf("%20s%-50s\n","",lserparams->krbrealmreferences[i]);
}
}
-
+
return;
}
/*
- * This function will generate random password of length(RANDOM_PASSWD_LEN)
- *
+ * This function will generate random password of length(RANDOM_PASSWD_LEN)
+ *
*
* INPUT:
* ctxt - context
*
* OUTPUT:
- * RANDOM_PASSWD_LEN length random password
+ * RANDOM_PASSWD_LEN length random password
*/
static int generate_random_password(krb5_context ctxt, char **randpwd, unsigned int *passlen)
{
- char *random_pwd = NULL;
- int ret = 0;
- krb5_data data;
- int i=0;
- /*int len = 0;*/
-
- /* setting random password length in the range 16-32 */
- srand((unsigned int)(time(0) ^ getpid()));
-
- data.length = RANDOM_PASSWD_LEN;
- random_pwd = (char *)malloc(data.length + 1);
- if (random_pwd == NULL) {
- com_err("setsrvpw", ENOMEM, "while generating random password");
- return ENOMEM;
- }
- memset(random_pwd, 0, data.length + 1);
- data.data = random_pwd;
-
- ret = krb5_c_random_make_octets(ctxt, &data);
- if(ret) {
- com_err("setsrvpw", ret, "Error generating random password");
- free(random_pwd);
- return ret;
- }
-
- for (i=0; i<data.length; i++)
- {
- /* restricting to ascii chars. Need to change this when 8.8 supports */
- if ((unsigned char)random_pwd[i] > 127)
- {
- random_pwd[i] = (unsigned char)random_pwd[i] % 128;
- }
- else if (random_pwd[i] == 0)
- {
- random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1;
- }
+ char *random_pwd = NULL;
+ int ret = 0;
+ krb5_data data;
+ int i=0;
+ /*int len = 0;*/
+
+ /* setting random password length in the range 16-32 */
+ srand((unsigned int)(time(0) ^ getpid()));
+
+ data.length = RANDOM_PASSWD_LEN;
+ random_pwd = (char *)malloc(data.length + 1);
+ if (random_pwd == NULL) {
+ com_err("setsrvpw", ENOMEM, "while generating random password");
+ return ENOMEM;
+ }
+ memset(random_pwd, 0, data.length + 1);
+ data.data = random_pwd;
+
+ ret = krb5_c_random_make_octets(ctxt, &data);
+ if (ret) {
+ com_err("setsrvpw", ret, "Error generating random password");
+ free(random_pwd);
+ return ret;
+ }
+
+ for (i=0; i<data.length; i++) {
+ /* restricting to ascii chars. Need to change this when 8.8 supports */
+ if ((unsigned char)random_pwd[i] > 127) {
+ random_pwd[i] = (unsigned char)random_pwd[i] % 128;
+ } else if (random_pwd[i] == 0) {
+ random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1;
}
+ }
- *randpwd = random_pwd;
- *passlen = data.length;
+ *randpwd = random_pwd;
+ *passlen = data.length;
return 0;
}
/*
- * This function will set the password of the service object in the directory
+ * This function will set the password of the service object in the directory
* and/or the specified service password file.
- *
+ *
*
* INPUT:
* argc - contains the number of arguments for this sub-command
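Review bot: In generate_random_password the `(unsigned char)random_pwd[i] % 128` branch maps a byte of exactly 128 to 0, and because the `== 0` test is an `else if` that byte is never replaced, so the buffer can hold an embedded NUL and the caller's later `strlen(passwd)` silently shortens the service password. The `== 0` fallback draws from `rand()` seeded with `time(0) ^ getpid()`, which is not an acceptable source for even one byte of a credential when `krb5_c_random_make_octets()` is already in use. Both branches also leave control characters (1-31, 127) in the password. A single mapping of every byte into printable ASCII, e.g. `random_pwd[i] = 33 + ((unsigned char)random_pwd[i] % 94);`, removes the NUL case and the `srand()`/`rand()` dependency, at the cost of a small modulo bias that can be avoided by rejecting bytes >= 188 and regenerating. The comment `setting random password length in the range 16-32` is stale, since the length is the fixed RANDOM_PASSWD_LEN.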
kdb5_dal_handle *dal_handle = NULL;
struct data encrypted_passwd = {0, NULL};
- /* The arguments for setsrv password should contain the service object DN
- * and options to specify whether the password should be updated in file only
+ /* The arguments for setsrv password should contain the service object DN
+ * and options to specify whether the password should be updated in file only
* or both file and directory. So the possible combination of arguments are:
* setsrvpw servicedn wherein argc is 2
* setsrvpw -fileonly servicedn wherein argc is 3
* setsrvpw -randpw -f filename servicedn wherein argc is 5
*/
if ((argc < 2) || (argc > 5)) {
- print_usage = TRUE;
- goto cleanup;
+ print_usage = TRUE;
+ goto cleanup;
}
dal_handle = (kdb5_dal_handle *)util_context->db_context;
lparams = (krb5_ldap_context *) dal_handle->db_context;
if (lparams == NULL) {
- printf("%s: Invalid LDAP handle\n", me);
- goto cleanup;
+ printf("%s: Invalid LDAP handle\n", me);
+ goto cleanup;
}
- /* Parse the arguments */
- for(i = 1; i < argc -1 ; i++) {
- if (strcmp(argv[i], "-randpw") == 0) {
- random_passwd = 1;
- }
- else if (strcmp(argv[i], "-fileonly") == 0) {
- set_dir_pwd = 0;
- }
- else if (strcmp(argv[i], "-f") == 0) {
- if (argv[++i] == NULL) {
- print_usage = TRUE;
- goto cleanup;
- }
-
- file_name = strdup(argv[i]);
- if (file_name == NULL) {
- com_err(me, ENOMEM, "while setting service object password");
- goto cleanup;
- }
- /* Verify if the file location has the proper file name
- * for eg, if the file location is a directory like /home/temp/,
- * we reject it.
- */
- filelen = strlen(file_name);
- if ((filelen == 0) || (file_name[filelen-1] == '/')) {
- printf("%s: Filename not specified for setting service object password\n", me);
- print_usage = TRUE;
- goto cleanup;
- }
- }
- else {
- printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
- print_usage = TRUE;
- goto cleanup;
- }
+ /* Parse the arguments */
+ for (i = 1; i < argc -1 ; i++) {
+ if (strcmp(argv[i], "-randpw") == 0) {
+ random_passwd = 1;
+ } else if (strcmp(argv[i], "-fileonly") == 0) {
+ set_dir_pwd = 0;
+ } else if (strcmp(argv[i], "-f") == 0) {
+ if (argv[++i] == NULL) {
+ print_usage = TRUE;
+ goto cleanup;
+ }
+
+ file_name = strdup(argv[i]);
+ if (file_name == NULL) {
+ com_err(me, ENOMEM, "while setting service object password");
+ goto cleanup;
+ }
+ /* Verify if the file location has the proper file name
+ * for eg, if the file location is a directory like /home/temp/,
+ * we reject it.
+ */
+ filelen = strlen(file_name);
+ if ((filelen == 0) || (file_name[filelen-1] == '/')) {
+ printf("%s: Filename not specified for setting service object password\n", me);
+ print_usage = TRUE;
+ goto cleanup;
+ }
+ } else {
+ printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
+ print_usage = TRUE;
+ goto cleanup;
+ }
}
if (i != argc-1) {
- print_usage = TRUE;
- goto cleanup;
+ print_usage = TRUE;
+ goto cleanup;
}
-
+
service_object = strdup(argv[i]);
if (service_object == NULL) {
- com_err(me, ENOMEM, "while setting service object password");
- goto cleanup;
+ com_err(me, ENOMEM, "while setting service object password");
+ goto cleanup;
}
if (strlen(service_object) == 0) {
- printf("%s: Service object not specified for \"setsrvpw\" command\n", me);
- print_usage = TRUE;
- goto cleanup;
+ printf("%s: Service object not specified for \"setsrvpw\" command\n", me);
+ print_usage = TRUE;
+ goto cleanup;
}
if (service_object[0] == '-') {
- print_usage = TRUE;
- goto cleanup;
+ print_usage = TRUE;
+ goto cleanup;
}
if (file_name == NULL) {
- file_name = strdup(DEF_SERVICE_PASSWD_FILE);
- if (file_name == NULL) {
- com_err(me, ENOMEM, "while setting service object password");
- goto cleanup;
- }
+ file_name = strdup(DEF_SERVICE_PASSWD_FILE);
+ if (file_name == NULL) {
+ com_err(me, ENOMEM, "while setting service object password");
+ goto cleanup;
+ }
}
if (set_dir_pwd) {
- if ( db_inited == FALSE ) {
- if ((errcode = krb5_ldap_db_init(util_context, lparams))) {
- com_err(me, errcode, "while initializing database");
- goto cleanup;
- }
- db_init_local = TRUE;
- }
- }
-
+ if (db_inited == FALSE) {
+ if ((errcode = krb5_ldap_db_init(util_context, lparams))) {
+ com_err(me, errcode, "while initializing database");
+ goto cleanup;
+ }
+ db_init_local = TRUE;
+ }
+ }
+
if (random_passwd) {
- if (!set_dir_pwd) {
- printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
- print_usage = TRUE;
- goto cleanup;
- }
- else {
- /* Generate random password */
-
- if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) {
- printf("%s: Failed to set service object password\n", me);
- goto cleanup;
- }
- passwd_len = strlen(passwd);
- }
- }
- else {
- /* Get the service object password from the terminal */
- passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1);
- if (passwd == NULL) {
- com_err(me, ENOMEM, "while setting service object password");
- goto cleanup;
- }
- memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1);
- passwd_len = MAX_SERVICE_PASSWD_LEN;
-
- len = strlen(service_object);
- /* size of allocation=strlen of servicedn + strlen("Password for \" \"")=20 */
- prompt1 = (char *)malloc(len + 20);
- if (prompt1 == NULL) {
- com_err(me, ENOMEM, "while setting service object password");
- goto cleanup;
- }
- sprintf(prompt1, "Password for \"%s\"", service_object);
-
- /* size of allocation=strlen of servicedn + strlen("Re-enter Password for \" \"")=30 */
- prompt2 = (char *)malloc(len + 30);
- if (prompt2 == NULL) {
- com_err(me, ENOMEM, "while setting service object password");
- free(prompt1);
- goto cleanup;
- }
- sprintf(prompt2, "Re-enter password for \"%s\"", service_object);
-
- retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
- free(prompt1);
- free(prompt2);
- if (retval) {
- com_err(me, retval, "while setting service object password");
- memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
- goto cleanup;
- }
- if (passwd_len == 0) {
- printf("%s: Invalid password\n", me);
- memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
- goto cleanup;
- }
- passwd_len = strlen(passwd);
+ if (!set_dir_pwd) {
+ printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
+ print_usage = TRUE;
+ goto cleanup;
+ } else {
+ /* Generate random password */
+
+ if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) {
+ printf("%s: Failed to set service object password\n", me);
+ goto cleanup;
+ }
+ passwd_len = strlen(passwd);
+ }
+ } else {
+ /* Get the service object password from the terminal */
+ passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1);
+ if (passwd == NULL) {
+ com_err(me, ENOMEM, "while setting service object password");
+ goto cleanup;
+ }
+ memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1);
+ passwd_len = MAX_SERVICE_PASSWD_LEN;
+
+ len = strlen(service_object);
+ /* size of allocation=strlen of servicedn + strlen("Password for \" \"")=20 */
+ prompt1 = (char *)malloc(len + 20);
+ if (prompt1 == NULL) {
+ com_err(me, ENOMEM, "while setting service object password");
+ goto cleanup;
+ }
+ sprintf(prompt1, "Password for \"%s\"", service_object);
+
+ /* size of allocation=strlen of servicedn + strlen("Re-enter Password for \" \"")=30 */
+ prompt2 = (char *)malloc(len + 30);
+ if (prompt2 == NULL) {
+ com_err(me, ENOMEM, "while setting service object password");
+ free(prompt1);
+ goto cleanup;
+ }
+ sprintf(prompt2, "Re-enter password for \"%s\"", service_object);
+
+ retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
+ free(prompt1);
+ free(prompt2);
+ if (retval) {
+ com_err(me, retval, "while setting service object password");
+ memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+ goto cleanup;
+ }
+ if (passwd_len == 0) {
+ printf("%s: Invalid password\n", me);
+ memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+ goto cleanup;
+ }
+ passwd_len = strlen(passwd);
}
/* Hex the password */
{
- krb5_data pwd, hex;
- pwd.length = passwd_len;
- pwd.data = passwd;
-
- errcode = tohex(pwd, &hex);
- if (errcode != 0) {
- if(hex.length != 0) {
- memset(hex.data, 0, hex.length);
- free(hex.data);
- }
- com_err(me, errcode, "Failed to convert the password to hex");
- memset(passwd, 0, passwd_len);
- goto cleanup;
- }
- /* Password = {CRYPT}<encrypted password>:<encrypted key> */
- encrypted_passwd.value = (unsigned char *)malloc(strlen(service_object) +
+ krb5_data pwd, hex;
+ pwd.length = passwd_len;
+ pwd.data = passwd;
+
+ errcode = tohex(pwd, &hex);
+ if (errcode != 0) {
+ if (hex.length != 0) {
+ memset(hex.data, 0, hex.length);
+ free(hex.data);
+ }
+ com_err(me, errcode, "Failed to convert the password to hex");
+ memset(passwd, 0, passwd_len);
+ goto cleanup;
+ }
+ /* Password = {CRYPT}<encrypted password>:<encrypted key> */
+ encrypted_passwd.value = (unsigned char *)malloc(strlen(service_object) +
1 + 5 + hex.length + 2);
- if (encrypted_passwd.value == NULL) {
- com_err(me, ENOMEM, "while setting service object password");
- memset(passwd, 0, passwd_len);
- memset(hex.data, 0, hex.length);
- free(hex.data);
- goto cleanup;
- }
- encrypted_passwd.value[strlen(service_object) +
+ if (encrypted_passwd.value == NULL) {
+ com_err(me, ENOMEM, "while setting service object password");
+ memset(passwd, 0, passwd_len);
+ memset(hex.data, 0, hex.length);
+ free(hex.data);
+ goto cleanup;
+ }
+ encrypted_passwd.value[strlen(service_object) +
1 + 5 + hex.length + 1] = '\0';
- sprintf((char *)encrypted_passwd.value, "%s#{HEX}%s\n", service_object, hex.data);
- encrypted_passwd.len = strlen((char *)encrypted_passwd.value);
- memset(hex.data, 0, hex.length);
- free(hex.data);
+ sprintf((char *)encrypted_passwd.value, "%s#{HEX}%s\n", service_object, hex.data);
+ encrypted_passwd.len = strlen((char *)encrypted_passwd.value);
+ memset(hex.data, 0, hex.length);
+ free(hex.data);
}
/* We should check if the file exists and we have permission to write into that file */
if (access(file_name, W_OK) == -1) {
- if (errno == ENOENT) {
- mode_t omask;
- int fd = -1;
-
- printf("File does not exist. Creating the file %s...\n", file_name );
- omask = umask(077);
- fd = creat(file_name, S_IRUSR|S_IWUSR);
- umask(omask);
- if (fd == -1) {
- com_err(me, errno, "Error creating file %s", file_name);
- memset(passwd, 0, passwd_len);
- goto cleanup;
+ if (errno == ENOENT) {
+ mode_t omask;
+ int fd = -1;
+
+ printf("File does not exist. Creating the file %s...\n", file_name);
+ omask = umask(077);
+ fd = creat(file_name, S_IRUSR|S_IWUSR);
+ umask(omask);
+ if (fd == -1) {
+ com_err(me, errno, "Error creating file %s", file_name);
+ memset(passwd, 0, passwd_len);
+ goto cleanup;
}
- close(fd);
- }
- else {
- com_err(me, errno, "Unable to access the file %s", file_name);
- memset(passwd, 0, passwd_len);
- goto cleanup;
- }
+ close(fd);
+ } else {
+ com_err(me, errno, "Unable to access the file %s", file_name);
+ memset(passwd, 0, passwd_len);
+ goto cleanup;
+ }
}
if (set_dir_pwd) {
- if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) {
- com_err(me, errcode, "Failed to set password for service object %s", service_object);
- memset(passwd, 0, passwd_len);
- goto cleanup;
- }
+ if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) {
+ com_err(me, errcode, "Failed to set password for service object %s", service_object);
+ memset(passwd, 0, passwd_len);
+ goto cleanup;
+ }
}
memset(passwd, 0, passwd_len);
/* set password in the file */
pfile = fopen(file_name, "r+");
if (pfile == NULL) {
- com_err(me, errno, "Failed to open file %s", file_name);
- goto cleanup;
+ com_err(me, errno, "Failed to open file %s", file_name);
+ goto cleanup;
}
- while(fgets(line, MAX_LEN, pfile) != NULL) {
- if ((str = strstr(line, service_object)) != NULL) {
- if(line[strlen(service_object)] == '#') {
- break;
- }
- str = NULL;
- }
+ while (fgets(line, MAX_LEN, pfile) != NULL) {
+ if ((str = strstr(line, service_object)) != NULL) {
+ if (line[strlen(service_object)] == '#') {
+ break;
+ }
+ str = NULL;
+ }
}
if (str == NULL) {
- if(feof(pfile)) {
- /* If the service object dn is not present in the service password file */
- if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) {
- com_err(me, errno, "Failed to write service object password to file");
- goto cleanup;
- }
- }
- else {
- com_err(me, errno, "Error reading service object password file");
- goto cleanup;
- }
- fclose(pfile);
- pfile = NULL;
- }
- else {
- /* Password entry for the service object is already present in the file */
- /* Delete the existing entry and add the new entry */
- FILE *newfile = NULL;
- mode_t omask;
-
- /* Create a new file with the extension .tmp */
- tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1));
- if (tmp_file == NULL) {
- com_err(me, ENOMEM, "while setting service object password");
- goto cleanup;
- }
- sprintf(tmp_file,"%s.%s",file_name,"tmp");
-
- omask = umask(077);
- newfile = fopen(tmp_file, "w+");
- umask(omask);
- if (newfile == NULL) {
- com_err(me, errno, "Error creating file %s", tmp_file);
- goto cleanup;
- }
-
-
- fseek(pfile, 0, SEEK_SET);
- while(fgets(line, MAX_LEN, pfile) != NULL) {
- if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) {
- if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) {
- com_err(me, errno, "Failed to write service object password to file");
- fclose(newfile);
- unlink(tmp_file);
- goto cleanup;
- }
- }
- else {
- len = strlen(line);
- if (fprintf(newfile, "%s", line) < 0) {
- com_err(me, errno, "Failed to write service object password to file");
- fclose(newfile);
- unlink(tmp_file);
- goto cleanup;
- }
- }
- }
-
- if(!feof(pfile)) {
- com_err(me, errno, "Error reading service object password file");
- fclose(newfile);
- unlink(tmp_file);
- goto cleanup;
- }
-
- /* TODO: file lock for the service password file */
- fclose(pfile);
- pfile = NULL;
+ if (feof(pfile)) {
+ /* If the service object dn is not present in the service password file */
+ if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) {
+ com_err(me, errno, "Failed to write service object password to file");
+ goto cleanup;
+ }
+ } else {
+ com_err(me, errno, "Error reading service object password file");
+ goto cleanup;
+ }
+ fclose(pfile);
+ pfile = NULL;
+ } else {
+ /* Password entry for the service object is already present in the file */
+ /* Delete the existing entry and add the new entry */
+ FILE *newfile = NULL;
+ mode_t omask;
+
+ /* Create a new file with the extension .tmp */
+ tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1));
+ if (tmp_file == NULL) {
+ com_err(me, ENOMEM, "while setting service object password");
+ goto cleanup;
+ }
+ sprintf(tmp_file,"%s.%s",file_name,"tmp");
+
+ omask = umask(077);
+ newfile = fopen(tmp_file, "w+");
+ umask(omask);
+ if (newfile == NULL) {
+ com_err(me, errno, "Error creating file %s", tmp_file);
+ goto cleanup;
+ }
+
+
+ fseek(pfile, 0, SEEK_SET);
+ while (fgets(line, MAX_LEN, pfile) != NULL) {
+ if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) {
+ if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) {
+ com_err(me, errno, "Failed to write service object password to file");
+ fclose(newfile);
+ unlink(tmp_file);
+ goto cleanup;
+ }
+ } else {
+ len = strlen(line);
+ if (fprintf(newfile, "%s", line) < 0) {
+ com_err(me, errno, "Failed to write service object password to file");
+ fclose(newfile);
+ unlink(tmp_file);
+ goto cleanup;
+ }
+ }
+ }
+
+ if (!feof(pfile)) {
+ com_err(me, errno, "Error reading service object password file");
+ fclose(newfile);
+ unlink(tmp_file);
+ goto cleanup;
+ }
+
+ /* TODO: file lock for the service password file */
+ fclose(pfile);
+ pfile = NULL;
fclose(newfile);
- newfile = NULL;
-
- if (unlink(file_name) == 0) {
- link(tmp_file, file_name);
- }
- else {
- com_err(me, errno, "Failed to write service object password to file");
- unlink(tmp_file);
- goto cleanup;
- }
- unlink(tmp_file);
+ newfile = NULL;
+
+ if (unlink(file_name) == 0) {
+ link(tmp_file, file_name);
+ } else {
+ com_err(me, errno, "Failed to write service object password to file");
+ unlink(tmp_file);
+ goto cleanup;
+ }
+ unlink(tmp_file);
}
errcode = 0;
-
+
cleanup:
if (db_init_local)
- krb5_ldap_close(util_context);
+ krb5_ldap_close(util_context);
if (service_object)
- free(service_object);
-
+ free(service_object);
+
if (file_name)
- free(file_name);
+ free(file_name);
if (passwd)
- free(passwd);
+ free(passwd);
if (encrypted_passwd.value) {
- memset(encrypted_passwd.value, 0, encrypted_passwd.len);
- free(encrypted_passwd.value);
+ memset(encrypted_passwd.value, 0, encrypted_passwd.len);
+ free(encrypted_passwd.value);
}
if (pfile)
- fclose(pfile);
+ fclose(pfile);
if (tmp_file)
- free(tmp_file);
+ free(tmp_file);
if (print_usage)
- db_usage(SET_SRV_PW);
+ db_usage(SET_SRV_PW);
return errcode;
}
}
/* Pick up the stash-file name from krb5.conf */
- profile_get_string( util_context->profile, KDB_REALM_SECTION,
- util_context->default_realm, KDB_MODULE_POINTER, NULL, §ion );
+ profile_get_string(util_context->profile, KDB_REALM_SECTION,
+ util_context->default_realm, KDB_MODULE_POINTER, NULL, §ion);
- if(section == NULL) {
- profile_get_string( util_context->profile, KDB_MODULE_DEF_SECTION,
- KDB_MODULE_POINTER, NULL, NULL, §ion);
- if(section == NULL) {
+ if (section == NULL) {
+ profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
+ KDB_MODULE_POINTER, NULL, NULL, §ion);
+ if (section == NULL) {
/* Stash file path neither in krb5.conf nor on command line */
file_name = strdup(DEF_SERVICE_PASSWD_FILE);
goto done;
}
profile_get_string (util_context->profile, KDB_MODULE_SECTION, section,
- "ldap_service_password_file", NULL, &file_name);
+ "ldap_service_password_file", NULL, &file_name);
}
done:
/* size of prompt = strlen of servicedn + strlen("Password for \" \"") */
assert (sizeof (prompt1) > (strlen (service_object)
- + sizeof ("Password for \" \"")));
+ + sizeof ("Password for \" \"")));
sprintf(prompt1, "Password for \"%s\"", service_object);
/* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */
assert (sizeof (prompt2) > (strlen (service_object)
- + sizeof ("Re-enter Password for \" \"")));
+ + sizeof ("Re-enter Password for \" \"")));
sprintf(prompt2, "Re-enter password for \"%s\"", service_object);
ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
pwd.data = passwd;
ret = tohex(pwd, &hexpasswd);
- if(ret != 0){
+ if (ret != 0) {
com_err(me, ret, "Failed to convert the password to hexadecimal");
- memset(passwd, 0, passwd_len);
+ memset(passwd, 0, passwd_len);
goto cleanup;
}
}
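Review bot: The result of `krb5_read_password` on the line `ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);` is never examined — `ret` is overwritten by the `tohex` call two lines later, so a failed or mismatched password read still gets hex-encoded and written to the stash file. A check belongs between the two calls: `if (ret != 0) { com_err(me, ret, "while reading service object password"); goto cleanup; }`. Note the reindent keeps the error path `memset(passwd, 0, passwd_len)` for the `tohex` failure only, so the new check should clear `passwd` the same way if it can have been partially filled; I cannot see how `passwd_len` is initialised before the call. The enclosing function starts and ends outside this hunk.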
}
if (str == NULL) {
- if(feof(pfile)) {
+ if (feof(pfile)) {
/* If the service object dn is not present in the service password file */
if (fprintf(pfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
com_err(me, errno, "Failed to write service object password to file");
fclose(pfile);
goto cleanup;
}
- }
- else {
+ } else {
com_err(me, errno, "Error reading service object password file");
fclose(pfile);
goto cleanup;
}
fseek(pfile, 0, SEEK_SET);
- while(fgets(line, MAX_LEN, pfile) != NULL) {
+ while (fgets(line, MAX_LEN, pfile) != NULL) {
if (((str = strstr(line, service_object)) != NULL) &&
- (line[strlen(service_object)] == '#')) {
+ (line[strlen(service_object)] == '#')) {
if (fprintf(newfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
com_err(me, errno, "Failed to write service object password to file");
fclose(newfile);
fclose(pfile);
goto cleanup;
}
- }
+ }
}
- if(!feof(pfile)) {
+ if (!feof(pfile)) {
com_err(me, errno, "Error reading service object password file");
fclose(newfile);
unlink(tmp_file);
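Review bot: The entry match in the rewrite loop, `(str = strstr(line, service_object)) != NULL && line[strlen(service_object)] == '#'`, locates the DN anywhere in the line but then tests for `#` at the offset that only makes sense when the DN is at column 0, so a line whose DN merely contains the target (for example a longer DN ending in the same components) is classified by whatever character happens to sit at that offset and can be silently replaced or kept. Anchoring the comparison is both simpler and exact: `size_t dn_len = strlen(service_object);` before the loop and `if (strncmp(line, service_object, dn_len) == 0 && line[dn_len] == '#') {` in it (`str` is not consulted inside this loop). Since the stored form is `%s#{HEX}%s` — a hex encoding of the plaintext, not a ciphertext — the file mode is the only protection, which is worth a one-line comment at the write site. The enclosing function continues outside this hunk.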
cleanup:
- if(hexpasswd.length != 0) {
- memset(hexpasswd.data, 0, hexpasswd.length);
+ if (hexpasswd.length != 0) {
+ memset(hexpasswd.data, 0, hexpasswd.length);
free(hexpasswd.data);
}
free(tmp_file);
if (print_usage)
- usage();
+ usage();
/* db_usage(STASH_SRV_PW); */
return ret;
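Review bot: The cleanup clears `hexpasswd.data` with a plain `memset` immediately before `free(hexpasswd.data)`, and a dead store like that is a candidate for elision by the optimiser, so the hex copy of the service password may survive in the heap; a non-elidable clear (a volatile-pointer loop, or whatever explicit-zeroing helper this tree provides) is the usual fix. The plaintext `passwd` buffer is not cleared under `cleanup:` at all — the earlier error paths call `memset(passwd, 0, passwd_len)` individually, and I cannot see from this hunk whether the success path does — so it would be safer to move that clear here so every exit covers it. The enclosing function starts outside this hunk.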
/* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
+ * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * POSSIBILITY OF SUCH DAMAGE.
*/
#include "ldap_misc.h"
#define DEF_SERVICE_PASSWD_FILE "/usr/local/var/service_passwd"
struct data{
- int len;
- unsigned char *value;
+ int len;
+ unsigned char *value;
};
extern int enc_password(struct data pwd, struct data *enc_key, struct data *enc_pass);
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Edit a KDC database.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
char *progname;
krb5_boolean manual_mkey = FALSE;
-/*
- * This function prints the usage of kdb5_ldap_util, which is
+/*
+ * This function prints the usage of kdb5_ldap_util, which is
* the LDAP configuration utility.
*/
void usage()
{
- fprintf(stderr, "Usage: "
+ fprintf(stderr, "Usage: "
"kdb5_ldap_util [-D user_dn [-w passwd]] [-h ldap_server] [-p ldap_port]\n"
"\tcmd [cmd_options]\n"
/* List policies */
"list_policy [-basedn base_dn]\n"
-);
+ );
}
void db_usage (int type) {
* same order as listed in this table.
*/
static struct _cmd_table {
- char *name;
- cmd_func func;
- int opendb;
+ char *name;
+ cmd_func func;
+ int opendb;
} cmd_table[] = {
- {"create", kdb5_ldap_create, 1},
- {"modify", kdb5_ldap_modify, 1},
- {"view", kdb5_ldap_view, 1},
- {"destroy", kdb5_ldap_destroy, 1},
- {"list", kdb5_ldap_list, 1},
+ {"create", kdb5_ldap_create, 1},
+ {"modify", kdb5_ldap_modify, 1},
+ {"view", kdb5_ldap_view, 1},
+ {"destroy", kdb5_ldap_destroy, 1},
+ {"list", kdb5_ldap_list, 1},
#ifdef HAVE_EDIRECTORY
- {"create_service", kdb5_ldap_create_service, 1},
- {"modify_service", kdb5_ldap_modify_service, 1},
- {"view_service", kdb5_ldap_view_service, 1},
- {"destroy_service", kdb5_ldap_destroy_service, 1},
- {"list_service",kdb5_ldap_list_services,1},
- {"setsrvpw", kdb5_ldap_set_service_password, 0},
-#else
- {"stashsrvpw", kdb5_ldap_stash_service_password, 0},
+ {"create_service", kdb5_ldap_create_service, 1},
+ {"modify_service", kdb5_ldap_modify_service, 1},
+ {"view_service", kdb5_ldap_view_service, 1},
+ {"destroy_service", kdb5_ldap_destroy_service, 1},
+ {"list_service",kdb5_ldap_list_services,1},
+ {"setsrvpw", kdb5_ldap_set_service_password, 0},
+#else {"stashsrvpw", kdb5_ldap_stash_service_password, 0},
#endif
- {"create_policy", kdb5_ldap_create_policy, 1},
- {"modify_policy", kdb5_ldap_modify_policy, 1},
- {"view_policy", kdb5_ldap_view_policy, 1},
- {"destroy_policy", kdb5_ldap_destroy_policy, 1},
- {"list_policy", kdb5_ldap_list_policies, 1},
- {NULL, NULL, 0},
+ {"create_policy", kdb5_ldap_create_policy, 1},
+ {"modify_policy", kdb5_ldap_modify_policy, 1},
+ {"view_policy", kdb5_ldap_view_policy, 1},
+ {"destroy_policy", kdb5_ldap_destroy_policy, 1},
+ {"list_policy", kdb5_ldap_list_policies, 1},
+ {NULL, NULL, 0},
};
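Review bot: As rendered here the new side fuses the table entry onto the preprocessor line, `#else {"stashsrvpw", kdb5_ldap_stash_service_password, 0},`, whereas the old side had `#else` and the initializer on separate lines; tokens after `#else` are not part of the program (compilers only warn about "extra tokens"), so a non-eDirectory build would lose the `stashsrvpw` command from `cmd_table` entirely and `cmd_lookup` would never find it. If this is the committed text and not a display artifact, split it back into `#else` followed by `    {"stashsrvpw", kdb5_ldap_stash_service_password, 0},`.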
* command name and returns NULL if nothing matches.
*/
static struct _cmd_table *cmd_lookup(name)
- char *name;
+ char *name;
{
int i;
char *argv[];
{
struct _cmd_table *cmd = NULL;
- char *koptarg = NULL, **cmd_argv = NULL;
+ char *koptarg = NULL, **cmd_argv = NULL;
int cmd_argc = 0;
krb5_error_code retval;
int usage_print = 0;
retval = krb5_init_context(&util_context);
set_com_err_hook(extended_com_err_fn);
if (retval) {
- com_err (progname, retval, "while initializing Kerberos code");
+ com_err (progname, retval, "while initializing Kerberos code");
exit_status++;
goto cleanup;
}
cmd_argv = (char **) malloc(sizeof(char *)*argc);
if (cmd_argv == NULL) {
- com_err(progname, ENOMEM, "while creating sub-command arguments");
- exit_status++;
+ com_err(progname, ENOMEM, "while creating sub-command arguments");
+ exit_status++;
goto cleanup;
}
memset(cmd_argv, 0, sizeof(char *)*argc);
cmd_argc = 1;
memset(&global_params, 0, sizeof(kadm5_config_params));
-
+
argv++; argc--;
while (*argv) {
- if (strcmp(*argv, "--help") == 0) {
- print_help_message = TRUE;
- }
- if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
+ if (strcmp(*argv, "--help") == 0) {
+ print_help_message = TRUE;
+ }
+ if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
mkey_password = koptarg;
manual_mkey = TRUE;
- } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
+ } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
global_params.realm = koptarg;
global_params.mask |= KADM5_CONFIG_REALM;
/* not sure this is really necessary */
exit_status++;
goto cleanup;
}
- } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
+ } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
if (krb5_string_to_enctype(koptarg, &global_params.enctype))
com_err(argv[0], 0, "%s is an invalid enctype", koptarg);
else
global_params.mask |= KADM5_CONFIG_ENCTYPE;
- } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
+ } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
global_params.mkey_name = koptarg;
global_params.mask |= KADM5_CONFIG_MKEY_NAME;
- } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
+ } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
global_params.stash_file = koptarg;
global_params.mask |= KADM5_CONFIG_STASH_FILE;
- } else if (strcmp(*argv, "-m") == 0) {
+ } else if (strcmp(*argv, "-m") == 0) {
manual_mkey = TRUE;
global_params.mkey_from_kbd = 1;
global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
- } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
- bind_dn = koptarg;
- if (bind_dn == NULL) {
- com_err(progname, ENOMEM, "while reading ldap parameters");
- exit_status++;
- goto cleanup;
- }
- ldapmask |= CMD_LDAP_D;
- } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
- passwd = strdup(koptarg);
- if (passwd == NULL) {
- com_err(progname, ENOMEM, "while reading ldap parameters");
- exit_status++;
- goto cleanup;
- }
- ldapmask |= CMD_LDAP_W;
- } else if (strcmp(*argv, "-h") == 0 && ARG_VAL) {
- ldap_server = koptarg;
- if (ldap_server == NULL) {
- com_err(progname, ENOMEM, "while reading ldap parameters");
- exit_status++;
- goto cleanup;
- }
- ldapmask |= CMD_LDAP_H;
- } else if (strcmp(*argv, "-p") == 0 && ARG_VAL) {
- ldap_port = koptarg;
- if (ldap_port == NULL) {
- com_err(progname, ENOMEM, "while reading ldap parameters");
- exit_status++;
- goto cleanup;
- }
- ldapmask |= CMD_LDAP_P;
- } else if (cmd_lookup(*argv) != NULL) {
+ } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
+ bind_dn = koptarg;
+ if (bind_dn == NULL) {
+ com_err(progname, ENOMEM, "while reading ldap parameters");
+ exit_status++;
+ goto cleanup;
+ }
+ ldapmask |= CMD_LDAP_D;
+ } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
+ passwd = strdup(koptarg);
+ if (passwd == NULL) {
+ com_err(progname, ENOMEM, "while reading ldap parameters");
+ exit_status++;
+ goto cleanup;
+ }
+ ldapmask |= CMD_LDAP_W;
+ } else if (strcmp(*argv, "-h") == 0 && ARG_VAL) {
+ ldap_server = koptarg;
+ if (ldap_server == NULL) {
+ com_err(progname, ENOMEM, "while reading ldap parameters");
+ exit_status++;
+ goto cleanup;
+ }
+ ldapmask |= CMD_LDAP_H;
+ } else if (strcmp(*argv, "-p") == 0 && ARG_VAL) {
+ ldap_port = koptarg;
+ if (ldap_port == NULL) {
+ com_err(progname, ENOMEM, "while reading ldap parameters");
+ exit_status++;
+ goto cleanup;
+ }
+ ldapmask |= CMD_LDAP_P;
+ } else if (cmd_lookup(*argv) != NULL) {
if (cmd_argv[0] == NULL)
cmd_argv[0] = *argv;
else {
usage();
goto cleanup;
}
- } else {
+ } else {
cmd_argv[cmd_argc++] = *argv;
- }
- argv++; argc--;
+ }
+ argv++; argc--;
}
if (cmd_argv[0] == NULL) {
char *cmd_name = cmd_argv[0];
free(cmd_argv);
cmd_argv = NULL;
- usage();
+ usage();
goto cleanup;
}
-
+
/* We need to check for the presence of default realm name only in
* the case of realm related operations like create, destroy etc.
*/
if ((strcmp(cmd_argv[0], "create") == 0) ||
- (strcmp(cmd_argv[0], "destroy") == 0) ||
- (strcmp(cmd_argv[0], "modify") == 0) ||
- (strcmp(cmd_argv[0], "view") == 0)
- ) {
- realm_name_required = TRUE;
+ (strcmp(cmd_argv[0], "destroy") == 0) ||
+ (strcmp(cmd_argv[0], "modify") == 0) ||
+ (strcmp(cmd_argv[0], "view") == 0)
+ ) {
+ realm_name_required = TRUE;
}
- if( !util_context->default_realm ) {
+ if (!util_context->default_realm) {
char *temp = NULL;
retval = krb5_get_default_realm(util_context, &temp);
- if( retval ) {
+ if (retval) {
if (realm_name_required) {
com_err (progname, retval, "while getting default realm");
exit_status++;
goto cleanup;
}
- }
- else
+ } else
util_context->default_realm = temp;
}
/* If we have the realm name, we can safely say that
* realm_name is required so that we don't neglect any information.
*/
else
- realm_name_required = TRUE;
-
- retval = profile_get_string( util_context->profile, KDB_REALM_SECTION,
- util_context->default_realm, KDB_MODULE_POINTER,
- NULL,
- &value );
-
- if(!(value)) {
- retval = profile_get_string( util_context->profile, KDB_MODULE_DEF_SECTION,
- KDB_MODULE_POINTER, NULL,
- NULL,
- &value );
- if(!(value)) {
- if (util_context->default_realm)
- conf_section = strdup( util_context->default_realm );
- }
- else {
+ realm_name_required = TRUE;
+
+ retval = profile_get_string(util_context->profile, KDB_REALM_SECTION,
+ util_context->default_realm, KDB_MODULE_POINTER,
+ NULL,
+ &value);
+
+ if (!(value)) {
+ retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
+ KDB_MODULE_POINTER, NULL,
+ NULL,
+ &value);
+ if (!(value)) {
+ if (util_context->default_realm)
+ conf_section = strdup(util_context->default_realm);
+ } else {
conf_section = strdup(value);
free(value);
- }
- }
- else {
+ }
+ } else {
conf_section = strdup(value);
free(value);
}
if (realm_name_required) {
- retval = kadm5_get_config_params(util_context, 1,
+ retval = kadm5_get_config_params(util_context, 1,
&global_params, &global_params);
- if (retval) {
- com_err(argv[0], retval, "while retreiving configuration parameters");
- exit_status++;
- goto cleanup;
- }
+ if (retval) {
+ com_err(argv[0], retval, "while retreiving configuration parameters");
+ exit_status++;
+ goto cleanup;
+ }
gp_is_static = 0;
}
/* If LDAP parameters are specified, replace them with the values from config */
if (ldapmask & CMD_LDAP_D) {
- /* If password is not specified, prompt for it */
- if (passwd == NULL) {
- passwd = (char *)malloc(MAX_PASSWD_LEN);
- if (passwd == NULL) {
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
- exit_status++;
- goto cleanup;
- }
- prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN);
- if (prompt == NULL) {
- free(passwd);
+ /* If password is not specified, prompt for it */
+ if (passwd == NULL) {
+ passwd = (char *)malloc(MAX_PASSWD_LEN);
+ if (passwd == NULL) {
+ com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+ exit_status++;
+ goto cleanup;
+ }
+ prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN);
+ if (prompt == NULL) {
+ free(passwd);
passwd = NULL;
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
- exit_status++;
- goto cleanup;
- }
- memset(passwd, 0, sizeof(passwd));
- passwd_len = MAX_PASSWD_LEN - 1;
- snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn);
-
- db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
-
- if ((db_retval) || (passwd_len == 0)) {
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
- free(passwd);
+ com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+ exit_status++;
+ goto cleanup;
+ }
+ memset(passwd, 0, sizeof(passwd));
+ passwd_len = MAX_PASSWD_LEN - 1;
+ snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn);
+
+ db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
+
+ if ((db_retval) || (passwd_len == 0)) {
+ com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+ free(passwd);
passwd = NULL;
- exit_status++;
- goto cleanup;
- }
- }
+ exit_status++;
+ goto cleanup;
+ }
+ }
- ldap_context->bind_pwd = passwd;
+ ldap_context->bind_pwd = passwd;
}
/* If ldaphost is specified, release entry filled by configuration & use this */
if (ldapmask & CMD_LDAP_H) {
- ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
- if (ldap_context->server_info_list == NULL) {
- com_err(argv[0], ENOMEM, "while initializing server list");
- exit_status++;
- goto cleanup;
- }
-
- ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
- if (ldap_context->server_info_list[0] == NULL) {
- com_err(argv[0], ENOMEM, "while initializing server list");
- exit_status++;
- goto cleanup;
- }
-
- ldap_context->server_info_list[0]->server_status = NOTSET;
-
- ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
- if (ldap_context->server_info_list[0]->server_name == NULL) {
- com_err(argv[0], ENOMEM, "while initializing server list");
- exit_status++;
- goto cleanup;
- }
+ ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
+ if (ldap_context->server_info_list == NULL) {
+ com_err(argv[0], ENOMEM, "while initializing server list");
+ exit_status++;
+ goto cleanup;
+ }
+
+ ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
+ if (ldap_context->server_info_list[0] == NULL) {
+ com_err(argv[0], ENOMEM, "while initializing server list");
+ exit_status++;
+ goto cleanup;
+ }
+
+ ldap_context->server_info_list[0]->server_status = NOTSET;
+
+ ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
+ if (ldap_context->server_info_list[0]->server_name == NULL) {
+ com_err(argv[0], ENOMEM, "while initializing server list");
+ exit_status++;
+ goto cleanup;
+ }
}
/* If ldapport is specified, release entry filled by configuration & use this*/
if (ldapmask & CMD_LDAP_P) {
ldap_context->port = atoi(ldap_port);
}
if (bind_dn) {
- ldap_context->bind_dn = strdup(bind_dn);
+ ldap_context->bind_dn = strdup(bind_dn);
if (ldap_context->bind_dn == NULL) {
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
- exit_status++;
- goto cleanup;
+ com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+ exit_status++;
+ goto cleanup;
}
} else
- ldap_context->bind_dn = NULL;
+ ldap_context->bind_dn = NULL;
ldap_context->service_type = SERVICE_DN_TYPE_CLIENT;
- if(realm_name_required) {
- if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
+ if (realm_name_required) {
+ if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
(!krb5_c_valid_enctype(global_params.enctype))) {
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
- "while setting up enctype %d", global_params.enctype);
- }
+ com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
+ "while setting up enctype %d", global_params.enctype);
+ }
}
cmd = cmd_lookup(cmd_argv[0]);
/* Setup DAL handle to access the database */
- dal_handle = calloc( (size_t)1, sizeof(kdb5_dal_handle) );
- if( dal_handle == NULL ) {
+ dal_handle = calloc((size_t)1, sizeof(kdb5_dal_handle));
+ if (dal_handle == NULL) {
goto cleanup;
}
dal_handle->db_context = ldap_context;
util_context->db_context = (void *) dal_handle;
-
+
db_retval = krb5_ldap_read_server_params(util_context, conf_section, KRB5_KDB_SRV_TYPE_OTHER);
if (db_retval) {
- com_err(argv[0], db_retval, "while reading ldap configuration");
- exit_status++;
- goto cleanup;
+ com_err(argv[0], db_retval, "while reading ldap configuration");
+ exit_status++;
+ goto cleanup;
}
-
+
if (cmd->opendb) {
- db_retval = krb5_ldap_db_init( util_context, ldap_context);
+ db_retval = krb5_ldap_db_init(util_context, ldap_context);
if (db_retval) {
com_err(progname, db_retval, "while initializing database");
exit_status++;
cleanup:
if (passwd)
- memset(passwd, 0, sizeof(passwd));
+ memset(passwd, 0, sizeof(passwd));
if (ldap_context && ldap_context->bind_pwd)
- memset(ldap_context->bind_pwd, 0, sizeof(ldap_context->bind_pwd));
+ memset(ldap_context->bind_pwd, 0, sizeof(ldap_context->bind_pwd));
if (util_context) {
if (gp_is_static == 0)
kadm5_free_config_params(util_context, &global_params);
- krb5_ldap_close(util_context);
- krb5_free_context(util_context);
+ krb5_ldap_close(util_context);
+ krb5_free_context(util_context);
}
if (cmd_argv)
- free(cmd_argv);
+ free(cmd_argv);
if (prompt)
- free(prompt);
+ free(prompt);
if (conf_section)
- free(conf_section);
+ free(conf_section);
if (dal_handle)
free(dal_handle);
if (usage_print) {
- usage();
+ usage();
}
return exit_status;
}
-
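Review bot: `memset(passwd, 0, sizeof(passwd))` and `memset(ldap_context->bind_pwd, 0, sizeof(ldap_context->bind_pwd))` under `cleanup:` clear only `sizeof(char *)` bytes, because `passwd` is a pointer (it comes from `strdup(koptarg)` or `malloc(MAX_PASSWD_LEN)` earlier in main), so all but the first four or eight bytes of the LDAP bind password stay in memory. Use the string length instead: `memset(passwd, 0, strlen(passwd));` and `memset(ldap_context->bind_pwd, 0, strlen(ldap_context->bind_pwd));` (the two pointers alias in the paths visible here, so the second call becomes a no-op after the first). The same `sizeof(passwd)` idiom appears right after the `malloc` earlier in main, where it is harmless only because the buffer is filled afterwards. A plain `memset` before the buffer is released can also be elided by the optimiser, so a non-elidable clear is preferable if the tree has one.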